[rhn-users] found solution to support password aging for NIS accounts

[Raj Kumar]

Hello All,

I had problem figuring out this solution. I hope this message helps someone like me and save sometime!!

To support password aging for NIS accounts set both the merging options (for passwd and group) to FALSE in /var/yp/Makefile, and then push the shadow file out with the rest of the NIS maps.  

..... /var/yp/Makefile
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=false

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=false

.....include shadow in the all target.
# If you don't want some of these maps built, feel free to comment
# them out from this list
                                          
all:  passwd group shadow 

----------------------------------------------

To set the default password's age modify the parameter PASS_MAX_DAYS (90- to force user to change password after 90 days) in /etc/login.defs on the NIS server. To set the password's age for existing accounts use command "chage" (chage -M 90 username)

caveat:  some versions of ssh do not handle expired passwords very well. The openssh server that comes with RH doesn't seem to support it. When a user whose password has expired log in he will see get an error message and the connection is terminated immediately. Some one on this list mentioned SSH server from www.ssh.com supports it-- I didn't try.   

Hope this helps someone!

Raj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20050224/f84a80ba/attachment.htm>