Re: password minimum days problem

[Stephen Gran]

This one time, at band camp, Michelle Konzack said:
> Am 2006-05-18 14:39:25, schrieb [EMAIL PROTECTED]:
> > So how to have PASS_MIN_DAYS set but to allow/require the new user to
> > change his password on the first login?
> 
> Write a script which change the fields in /etc/shadow

man chage is your friend.  No need to reinvent the wheel.
-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -


signature.asc
Description: Digital signature

Re: password minimum days problem

[Michelle Konzack]

Am 2006-05-18 14:39:25, schrieb [EMAIL PROTECTED]:
> 
> Here's the issue.  If PASS_MIN_DAYS is set to some value in
> /etc/login.defs, this defines the minimum number of days a user must
> keep the same password.  This is intended to prevent "password cycling".
> "Password cycling" is when a password history is used and the new
> password is required to be different than the N previous ones.  If
> there's no PASS_MIN_DAYS set then the user can immediately cycle through
> N passwords to get their old one back.
> 
> But the problem I'm having is this: when I set PASS_MIN_DAYS to some
> value, it seems that the user account must be deleted and recreated for
> the new setting to take affect.  This is all good and fine, but when I
> initially create the new user, I give them some default password that
> they should have to change right away.  However PASS_MIN_DAYS is
> preventing this from happening.
> 
> So how to have PASS_MIN_DAYS set but to allow/require the new user to
> change his password on the first login?

Write a script which change the fields in /etc/shadow

+---[ man 'shadow' ]--
| 
| SHADOW(5)SHADOW(5)
| 
| NAME
|shadow - encrypted password file
| 
| DESCRIPTION
|shadow  contains  the  encrypted  password  information for
|user's accounts and optional the  password  aging  informa-
|tion.  Included is
| 
| Login name
| 
| Encrypted password
| 
| Days since Jan 1, 1970 that password was last changed
| 
| Days before password may be changed
  ^^^
  So you should change the 4th field.
| 
| Days after which password must be changed
| 
| Days before password is to expire that user is warned
| 
| Days after password expires that account is disabled
| 
| Days since Jan 1, 1970 that account is disabled
| 
| A reserved field
+-

Greetings
Michelle Konzack


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/6/6192519367100 Strasbourg/France   IRC #Debian (irc.icq.com)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: password minimum days problem

[Michael Stone]

On Thu, May 18, 2006 at 02:39:25PM -0700, [EMAIL PROTECTED] wrote:

So how to have PASS_MIN_DAYS set but to allow/require the new user to
change his password on the first login?


Use passwd -e to force the user to change his password.

Mike Stone


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]