On Mon, Nov 06, 2006 at 05:07:31PM +0100, Nicolas François wrote:
>
> I recommend that the users' passwords be set by root to a simple password that
> can be communicated to the user, but also tagged as expired, so
> that the user has to choose a new password the next time he logs in (and
> then the new password will be entered into /etc/security/opasswd; also the
> administrator does not have to know the users' passwords).
>
In that case, only the temporary password is written into opasswd. The user's previous password (before it was changed by root to the temporary one) is not stored in opasswd, and nothing prevents the user from changing their password back to that value.

Imagine a scenario where an administrator finds out that one or more account passwords may have been disclosed to unauthorized persons. Not knowing exactly which accounts have been compromised, the administrator takes various preventive steps, including assigning everyone a new temporary random password and marking it expired. Simply marking the compromised password expired is not enough; an unauthorized user could complete the password change procedure and take control of the account. The temporary passwords are hand delivered to the affected users.

Unless the password hash from before the temporary password assignment is copied into opasswd, users who decide to violate the password policy can simply change their password back to the previous (compromised) value.

--
Brian Ristuccia
[EMAIL PROTECTED]
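The step the message says is missing, as an added example that is not part of the thread: copy the user's current shadow hash into the pam_unix history file before root assigns the temporary password, so that a later `remember=N` check refuses a change back to the old value. The function name, the file arguments and the sample entries are constructed for illustration; on a real system the files are /etc/passwd, /etc/shadow and /etc/security/opasswd, and the opasswd line format is `user:uid:count:hash1,hash2,...`.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Records a user's current
# password hash in the pam_unix history file so that, after root sets a
# temporary expired password, the user cannot change back to the old one.
# File paths are parameters so the function can be exercised on copies.

# opasswd_remember SHADOW PASSWD OPASSWD USER
# Appends USER's current shadow hash to USER's opasswd entry (creating the
# entry if absent), keeps the entry's count field in sync, and prints the
# resulting entry. Returns 1 if USER has no usable hash (missing, locked
# or empty), since there is nothing worth remembering in that case.
opasswd_remember() {
    shadow=$1; passwd=$2; opasswd=$3; user=$4
    hash=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow")
    case "$hash" in
        ""|"!"*|"*") return 1 ;;          # locked or empty: nothing to record
    esac
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd")
    [ -n "$uid" ] || return 1
    [ -f "$opasswd" ] || : > "$opasswd"
    tmp=$(mktemp) || return 1
    # Rewrite the history file: if the hash is already in the user's list,
    # leave the line alone (idempotent); otherwise append it and bump the count.
    awk -F: -v OFS=: -v u="$user" -v id="$uid" -v h="$hash" '
        $1 == u {
            n = split($4, old, ",")
            for (i = 1; i <= n; i++) if (old[i] == h) { print; found = 1; next }
            $3 = n + 1; $4 = ($4 == "" ? h : $4 "," h); found = 1
        }
        { print }
        END { if (!found) print u, id, 1, h }' "$opasswd" > "$tmp" \
        && mv "$tmp" "$opasswd" || return 1
    chmod 600 "$opasswd"                   # history file must stay root-only
    awk -F: -v u="$user" '$1 == u' "$opasswd"
}
```

Run it for each affected account before invoking `passwd` / `chage -d 0` to assign the temporary password; the ordering matters, because once the temporary password is set the old hash is gone from /etc/shadow.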