From owner-freebsd-questions Thu May 23 3:57:34 2002 Delivered-To: freebsd-questions@freebsd.org Received: from hoolan.org (db217.csie.ncu.edu.tw [140.115.50.217]) by hub.freebsd.org (Postfix) with ESMTP id 8FAB037B40B; Thu, 23 May 2002 03:57:22 -0700 (PDT) Received: from localhost (jeff@localhost [127.0.0.1]) by hoolan.org (8.11.6/8.11.6) with ESMTP id g4NAv1a92807; Thu, 23 May 2002 18:57:07 +0800 (CST) (envelope-from jeff@hoolan.org) Date: Thu, 23 May 2002 18:57:01 +0800 (CST) From: Jeffrey Tang X-Sender: jeff@hoolan.org To: freebsd-questions@freebsd.org Cc: stable@freebsd.org Subject: Re: How to force one user to change his password? Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 22 May 2002, Jeff Jirsa wrote: > On 22 May 2002, Kirk Strauser wrote: > > On 22 May 2002, Jeffrey Tang wrote: > > > Yes, I setup his 'change' field to some date to enforce my password > > > change policy. When he logons, he gets a prompt to re-new password, > > > but he can still press enter to skip this procedure and get the shell. > > > > > > Password: > > > Sorry -- your password has expired. > > > > > > hanging local password for val. > > > Old password: > > > New password: <----- press enter > > > Password unchanged. > > > passwd: /etc/master.passwd: unchanged > > > Welcome, my friend from hoolan.org ! > > > $ > > > > > > So, is there any method to force users to change their stale passwords > > > before granted permission to log in? 4.5-RELEASE is running here. Please > > > CC me if possible, thank you. > > > > > > Add this near the top of their .bashrc (or other shell startup script): > > > > passwd > > if [ $? != 0 ]; then > > echo "Change your password. I mean it." > > exit > > fi > > > > Your user will *have* to change their password everytime he they log in > > until they get wise to it. Re-apply as necessary. > > I haven't checked, but I suppose that'll work well, if you like the BOFH > approach. If you just want to force them to change it, backup one of the > startup scripts (script.bak), put the above code into one copy, and below > it, restore the original script after the change is complete: > > passwd > if [ $? != 0 ]; then > echo "Change your password. I mean it." > exit > else > mv [login-script.bak] [login-script] > fi > > Then you won't have to worry about him complaining that he has to change > his password daily, in case he's not smart enough to realize what had > happened. Thank you both for your workarounds, but I suppose this is some kind of *bug* . According to passwd(5), "The change field is the number in seconds, GMT, from the epoch, until the password for the account *must be* changed." I am asking him to change his password, not merely suggesting. Shouldn't the login process reexamine change field after passwd(1) returns? -- Jeffrey Tang To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message