Will you be using some backend database; LDAP, AD, eDirectory, etc.? "Typically" RADIUS either permits or denies based on a query reply it receives from the backend system. I don't *think* you would be allowed to change your password via RADIUS (it typically only has RO access to the DB, and I'm not even sure the RADIUS protocol supports it), but I *believe* it will pass attributes to your client that will indicate if the password is expired or not.
And yes, typical password policy requires a change every n days; sometimes as often as 30 days, sometimes every 180+ Gary -----Original Message----- From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Jeffrey Belles Sent: Wednesday, March 23, 2011 2:37 PM To: freeradius-users@lists.freeradius.org Subject: Network authentication and password policy Hello, I am new to this list and planning to deploy a radius-server. Sole purpose will be to authenticate against network equipment. Mainly Juniper and cisco and Sonicwall. I am looking for best practice solutions for password policy. Is there any way to force network engineers to change their passwords after either first login or expiry date? Having everybody manually submit passwords on the server and/or having them change it every x weeks seems a bad plan. Anyone any ideas? Thx Rgds, Jeffrey - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html