[SOLVED] Force change password for users in linux, without terminating the shell session
It is a million years since I did IDM and User management. So my memory is a little rusty at this subject, so instead of getting your hopes up.
I hope another person will give you an answer to that question
I do not really understand: what do you mean by session termination? Kicking of the root user means reboot. If you want to change the password of root just do that.
@pan64 - He/she wants to be able to change the password of a normal user, without terminating the user's sessions. Then he asked if it was possible to force the root to change password.
Two different questions
# id admin
uid=783(admin) gid=783(admin) groups=783(admin)
# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Same here.
In my case I'm using LDAP authentication.
When the parameter shadowLastChange is zero or less, the user is forced to change the password during the first authentication.
The problem is: once the authentication is made and the user has changed his passwd, the session closes with the error "password change failed: Invalid credentials".
However, the password is changed and in the next login the new passwd works correctly.
ssh lguillem@127.0.0.1
lguillem@127.0.0.1's password:
You are required to change your password immediately (root enforced)
need a new password
Last login: Fri Feb 16 13:23:15 2018 from gateway
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user lguillem.
(current) LDAP Password:
New password:
Retype new password:
password change failed: Invalid credentials
passwd: all authentication tokens updated successfully.
Connection to 127.0.0.1 closed.
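Added example, not posted by anyone in this thread: with "shadow: files" as in the nsswitch.conf above, the last-change value lives in field 3 of /etc/shadow, and the same "zero means change at next login" rule applies as for shadowLastChange. The function below audits shadow(5)-format lines for accounts in that state; the function names, the state labels and the sample accounts are assumptions made for the example.

```shell
#!/bin/sh
# Report the password-aging state of each account from shadow(5)-format input.
# Field 3 = day of last password change (days since 1970-01-01),
# field 5 = maximum password age in days.

shadow_change_state() {
    # $1: "today" as days since the epoch (defaults to the current date)
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            user = $1; last = $3; max = $5
            if (last == "")
                state = "aging-disabled"      # empty field: no aging at all
            else if (last + 0 <= 0)
                state = "forced-change"       # must change at next login
            else if (max != "" && last + max < today)
                state = "expired"             # older than the maximum age
            else
                state = "ok"
            print user, state
        }'
}

# Constructed sample input: the hashes are placeholders, the accounts are made up.
sample_shadow() {
cat <<'EOF'
# user:hash:lastchg:min:max:warn:inactive:expire:reserved
alice:$6$PLACEHOLDER:0:0:99999:7:::
bob:$6$PLACEHOLDER:17578:0:90:7:::
carol:$6$PLACEHOLDER:17000:0:90:7:::
svc:!:::::::
EOF
}

# Evaluate the sample as of day 17600 so the result does not depend on the clock.
sample_shadow | shadow_change_state 17600
```

On a real system the same function can be fed /etc/shadow as root (shadow_change_state < /etc/shadow).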