LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-15-2004, 11:19 AM   #1
clacour
Member
 
Registered: Sep 2003
Location: Dallas, Tx, USA
Distribution: Red Hat, Gentoo, Libranet
Posts: 98

Rep: Reputation: 16
PAM/shadow question: How do I force the password to be changed?


We mostly use AIX (IBM's flavor of Unix) at work, and there's one thing about the password that I'm used to that I'm trying to figure out how to get PAM to do.

When the password is set by root, the next time the user logs in, they are forced to change it.

I've tried to duplicate this functionality with PAM, but I can't figure it out.

Looking at "man 5 shadow", it looks like all you would need to do is set the 5th field, "days after which password must be changed" to 0, but that doesn't work.

I've tried several variations on that (adjusting the "number of days since password was last changed" and other fields, and so far I get one of two results:
  • The password routine accepts the password, but just logs me in. It doesn't ask for a new password.
  • The password routine appears to accept the password, but immediately ends the session.

I'm looking for either of two things here:

A) An explanation of how the fields in /etc/shadow actually work, with an example of how to do what I'm talking about (or which pam module to use with whichever options are appropriate). (Please don't point me to any of the man pages or the Linux-PAM System Administrator's guide - I've read those, and they didn't help.)

B) A command for setting the parameters on a userid that says things like how long the password is good for, whether a password must be changed, etc. (I don't really care about the internal guts of PAM, shadow, etc., I just want to use this functionality. At this point, I'm assuming I'll need to learn that to be able to do what I want, but if there's a pre-canned solution, I'll take it happily.

Thanks for any help you can give.
 
Old 03-25-2004, 01:31 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Please don't point me to any of the man pages or the Linux-PAM System Administrator's guide - I've read those, and they didn't help.
Since you didn't mention reading it, try "man chage".
AFAIK there's no way to make PAM do this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shadow password - password field ayhopkins Linux - Security 8 11-17-2005 05:25 AM
useradd without shadow password twallstr Linux - Software 1 09-08-2005 02:14 PM
Shadow password encryption mnisski Linux - General 3 05-28-2004 06:24 PM
postfix + smtpauth + pam/shadow dazk Debian 0 07-30-2003 10:41 AM
shadow password wincrk Linux - Security 3 03-16-2003 09:07 PM


All times are GMT -5. The time now is 05:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration