Am 2006-05-18 14:39:25, schrieb [EMAIL PROTECTED]:
>
> Here's the issue. If PASS_MIN_DAYS is set to some value in
> /etc/login.defs, this defines the minimum number of days a user must
> keep the same password. This is intended to prevent "password cycling".
> "Password cycling" is when a password history is used and the new
> password is required to be different than the N previous ones. If
> there's no PASS_MIN_DAYS set then the user can immediately cycle through
> N passwords to get their old one back.
>
> But the problem I'm having is this: when I set PASS_MIN_DAYS to some
> value, it seems that the user account must be deleted and recreated for
> the new setting to take affect. This is all good and fine, but when I
> initially create the new user, I give them some default password that
> they should have to change right away. However PASS_MIN_DAYS is
> preventing this from happening.
>
> So how to have PASS_MIN_DAYS set but to allow/require the new user to
> change his password on the first login?
Write a script which change the fields in /etc/shadow
+---[ man 'shadow' ]--
|
| SHADOW(5)SHADOW(5)
|
| NAME
|shadow - encrypted password file
|
| DESCRIPTION
|shadow contains the encrypted password information for
|user's accounts and optional the password aging informa-
|tion. Included is
|
| Login name
|
| Encrypted password
|
| Days since Jan 1, 1970 that password was last changed
|
| Days before password may be changed
^^^
So you should change the 4th field.
|
| Days after which password must be changed
|
| Days before password is to expire that user is warned
|
| Days after password expires that account is disabled
|
| Days since Jan 1, 1970 that account is disabled
|
| A reserved field
+-
Greetings
Michelle Konzack
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]