LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-29-2007, 09:35 AM   #1
3SRT
LQ Newbie
 
Registered: Nov 2007
Posts: 2

Rep: Reputation: 0
Trying to set password expiration less than 1 hour


Hello all.

I am working on a project to write a script in Perl to set a random password on a remote host and am looking for ways to make the password expire after a set period of time. I posted on the Perl forums and they referred me to visit Linux forums.

In the scipt, I simply ssh into the host and then run a 'passwd' for the user name I am generating a password for. I wanted to use one of the arguments for 'passwd' to make it expire after 1 day (such as 'password -x -1 [username]'), but I do not have the account priveleges, and I do not believe the script will be run on root.

Are there any other ways I can reset the password remotely after a set period of time?

OR is there a way to automatically create a one-time password that expires after login?

Another thing I might mention is that the password would need to be changed within the hour it was set.

I don't know of any commands that will allow you to set a password to expire so soon? The only things I can think of is simply having the program wait for a little bit before changing the password?

Any thoughts would be appreciative. Thanks in advance!
 
Old 11-29-2007, 12:01 PM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Linux (and every Unix I've used) perform password expiration on a daily basis, not an hourly one. This requires superuser (root) privileges to set up, but once set up, every password would expire after the number of days set. Like you mention, the -x option can override this (it's actually "passwd -x 1 [username]") but you would also need to override the mindays to 0 so it could be reset
Code:
passwd -n 0 -x 1 username
All that being said, it won't work for you as you need the password to expire after an hour, not a day. You could leave the process running after you change the password the first time with a "sleep 3600" and then change the password again, or you could set a timestamp in a file somewhere and check it with a cron job.

You probably don't want to run the cronjob every minute to check for a password change ticket though. If you set it to run every 5 minutes to look for a ticket that was older then an hour the passwords would timeout after at most an hour and 4 minutes 59 seconds. That is probably sufficient, however you would be the one to judge that. This would also not put as much load on your system to do something that won't be necessary 95+% of the time. You can increase the time between checks to suit your needs, the faster you do it, the more accurate your timeout will be at the expense of using more resources. You'll need to judge a happy medium between the two.

The second way this can be done, keeping the process open and sleeping for an hour, you leave a lot of resources tied up, but they would likely be swapped out and wouldn't use very much CPU. Enough of them at once though and it could cause serious resource utilization issues to your system.

HTH

Forrest
 
Old 11-30-2007, 05:15 PM   #3
3SRT
LQ Newbie
 
Registered: Nov 2007
Posts: 2

Original Poster
Rep: Reputation: 0
forrestt, thanks for the advice. I did create a cronjob to run every 5minutes. It seems to be working as expected.

Appreciate the input.
 
Old 11-30-2007, 05:46 PM   #4
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
3SRT, no problem. Glad I could help.

Forrest
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Expiration Policy bspicer Linux - General 7 05-12-2007 04:26 AM
RHat 9 password expiration send-more-ux Red Hat 3 10-01-2003 06:56 PM
Samba Password Expiration kharris Linux - Software 1 09-22-2003 06:25 AM
Password expiration - help klmn1 Linux - General 1 12-31-2002 12:04 AM
Password expiration klmn1 Linux - Networking 1 12-26-2002 01:08 PM


All times are GMT -5. The time now is 03:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration