Hello y'all

I have been dabbling with kickstart for a while now and I am looking for the best way to force the "root" user password change at their first login.

Why is that ? I provide a boot CD with a default password set in kickstart and I want the users to change this password so discovering the default password would be useless for attackers.

So far, I used to modify /root/.bashrc to call a script such as this one:

#!/bin/sh

passwd root

# Take off ${0}from the bashrc file
cat /root/.bashrc | sed s/${0}// > /root/.bashrc.tmp
cp -f /root/.bashrc.tmp /root/.bashrc

But I don't really like that solution so I tried to use the ageing commands in the %post section of kickstart:

change -d 0 root

Unfortunately, it doesn't seem to work, anybo dy got a better solution ?

Thank you very much for your help.

Richard

Try:
# chage -M 3650 -d 1975-01-01 root

Thank you Anomie, I mistook "change" for "chage", the latter works fine and forces the change.

However, in my case I get a strange behaviour: When I use chage to force the password change, this means that I have to enter the actual password twice before entering the new one (one for login and one for password change), a bit on the heavy side. It also curiously changes the required password strength (cannot force the use of a simple password for tests purposes for instances).

I will probably carry on using a simple "passwd root" in a script file called at login for those last bad reasons but your answer was absolutely correct and a valuable tip, thank you.