Date: Thu, 23 May 2002 18:57:01 +0800 (CST)
From: Jeffrey Tang <freebsd@hoolan.org>
To: freebsd-questions@freebsd.org
Cc: stable@freebsd.org
Subject: Re: How to force one user to change his password?
Message-ID: <Pine.BSF.4.05.10205231840190.92718-100000@hoolan.org>

On 22 May 2002, Jeff Jirsa wrote:

> On 22 May 2002, Kirk Strauser wrote:
> > On 22 May 2002, Jeffrey Tang wrote:
> > > Yes, I set up his 'change' field to some date to enforce my password
> > > change policy. When he logs on, he gets a prompt to renew the password,
> > > but he can still press enter to skip this procedure and get the shell.
> > >
> > > Password:
> > > Sorry -- your password has expired.
> > >
> > > Changing local password for val.
> > > Old password:
> > > New password: <----- press enter
> > > Password unchanged.
> > > passwd: /etc/master.passwd: unchanged
> > > Welcome, my friend from hoolan.org !
> > > $
> > >
> > > So, is there any method to force users to change their stale passwords
> > > before being granted permission to log in? 4.5-RELEASE is running here.
> > > Please CC me if possible, thank you.
> > >
> >
> > Add this near the top of their .bashrc (or other shell startup script):
> >
> > passwd
> > if [ $? != 0 ]; then
> >     echo "Change your password. I mean it."
> >     exit
> > fi
> >
> > Your user will *have* to change their password every time they log in
> > until they get wise to it. Re-apply as necessary.
>
> I haven't checked, but I suppose that'll work well, if you like the BOFH
> approach. If you just want to force them to change it, back up one of the
> startup scripts (script.bak), put the above code into one copy, and below
> it, restore the original script after the change is complete:
>
> passwd
> if [ $? != 0 ]; then
>     echo "Change your password. I mean it."
>     exit
> else
>     mv [login-script.bak] [login-script]
> fi
>
> Then you won't have to worry about him complaining that he has to change
> his password daily, in case he's not smart enough to realize what had
> happened.

Thank you both for your workarounds, but I suppose this is some kind of
*bug*. According to passwd(5), "The change field is the number in seconds,
GMT, from the epoch, until the password for the account *must be* changed."
I am asking him to change his password, not merely suggesting. Shouldn't
the login process reexamine the change field after passwd(1) returns?

--
Jeffrey Tang

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
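
The following is an added example, not part of the original message or of FreeBSD itself: a small audit that lists accounts whose passwd(5) change field is set and already in the past, which is how an administrator can spot users who skipped the prompt as shown in the thread. The function names `expired_change` and `sample_master_passwd`, the sample accounts and the "now" value are constructed for illustration; the field position assumes the master.passwd layout from passwd(5).

```shell
#!/bin/sh
# Added example: report accounts whose password "change" time has passed.
# master.passwd layout (passwd(5)):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# expired_change FILE NOW
# FILE is a master.passwd-format file ("-" reads standard input).
# NOW is the reference time in seconds since the epoch, GMT.
# Prints "name change" for every account whose change field is non-zero
# and at or before NOW. A change field of 0 means no change time is set.
expired_change() {
    awk -F: -v now="$2" '
        /^#/ || NF < 10  { next }   # skip comments and malformed lines
        $6 !~ /^[0-9]+$/ { next }   # empty or non-numeric change field
        $6 + 0 != 0 && $6 + 0 <= now + 0 { print $1, $6 }
    ' "$1"
}

# Constructed sample in master.passwd layout; "*" stands in for the hash.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not a real password database
root:*:0:0::0:0:Charlie &:/root:/bin/csh
val:*:1001:1001::1022000000:0:Val:/home/val:/bin/sh
kim:*:1002:1002::1030000000:0:Kim:/home/kim:/bin/sh
EOF
}

# Demo with a constructed "now"; only val has a change time in the past.
sample_master_passwd | expired_change - 1022150000
```

On a real system, run it as root against the password database with the current time, for example `expired_change /etc/master.passwd "$(date +%s)"`. An account that still appears after its owner has logged in kept the stale password.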