Hi Richard, I also tried this now /usr/bin/chage -d 0 -W -1 -E -1 -I -1 -M -1 -m -1 user1 It still doesn't work. After executing the above command chage -l user1 reports: Minimum: -1 Maximum: -1 Warning: -1 Inactive: -1 Last Change: Never Password Expires: Never Password Inactive: Never Account Expires: Never Do you get similar output? What ssh client are you using? I tried with Mindterm, openssh client installed on linux and ssh client installed with cygwin. They all don't work. I get the error message and the connection is terminated immediately. But if I login as user2 and then try "su user1" I get the error message and then the prompt to change password (similar to the prompts you get when passwd is run). Since it works with su and not with ssh and the authentication process goes through PAM I wonder if you have different settings. Can you post your PAM version, /etc/pam.d/su and /etc/pam.d/sshd files? We should probably compare the module-type "account" settings in these files. I dont see the difference in account modules in my /etc/pam.d/su and /etc/pam.d/sshd/ files more /etc/pam.d/su #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth account required /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth session required /lib/security/$ISA/pam_stack.so service=system-auth session optional /lib/security/$ISA/pam_xauth.so --------------------------------------------------------------- more /etc/pam.d/sshd #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_limits.so session optional pam_console.so Thanks for your help! Raj On Sat, 19 Feb 2005 Richard Lefebvre wrote : >It seems to work for me, I do put everything else to -1: > >/usr/bin/chage -d 0 -W -1 -E -1 -I -1 -M -1 -m -1 user1 > >Also, I don't permit login via telnet, or rlogin only ssh > > >Raj Kumar wrote: >> Hi Richard! >> >>I tried that before. The error message I get is >> You are required to change your password immediately (root enforced) >>Your password has expired, the session cannot proceed. >>Connection to testserver closed >> >>The user does not get to the prompt to change password. How else can he change the password if he doesnt have access to the shell? >> >>thank you, >>Raj >> >> >> >>On Fri, 18 Feb 2005 Richard Lefebvre wrote : >> >"chage -d 0 user1" should do the trick. >> > >> >Richard >> > >> >Raj Kumar wrote: >> >>Hi Mike, >> >> >> >>I logged in as user1 today and I did not get any warnings. So "passwd -f user1" does not force the user to change password after 24Hrs. >> >> >> >>Are there any other options to force the user to change their passwords at first logon? >> >> >> >>Thank you, >> >>Raj >> >> >> >> >> >> >> >><http://clients.rediff.com/signature/track_sig.asp> <A target="_blank" HREF="http://clients.rediff.com/signature/track_sig.asp"><IMG SRC="http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail.com/inbox.htm@Bottom" BORDER=0 VSPACE=0 HSPACE=0></a>