LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-16-2011, 04:29 AM   #1
machielr
LQ Newbie
 
Registered: Feb 2010
Posts: 27

Rep: Reputation: 0
Question REDHAT missing functionality - force user to change password on login


Good day all

I have now been trying to find an answer for the following for a while and can't seem to get anything.

On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.

This functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...

Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords.

Regards
Machiel
 
Old 03-16-2011, 11:35 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.

My suggestion:
Code:
# chage -M 3650 -d 1985-01-01 <user_here>
 
Old 03-17-2011, 12:54 AM   #3
machielr
LQ Newbie
 
Registered: Feb 2010
Posts: 27

Original Poster
Rep: Reputation: 0
HI Anomie

I was thinking of using chage as well, however from some posts that I have found at different sources, it suggests that this does not work when users use ssh protocol to connect to the systems.


I will however give it a try with one of the users in order to test whether it works or not.

Regards
Machiel
 
Old 03-17-2011, 12:57 AM   #4
machielr
LQ Newbie
 
Registered: Feb 2010
Posts: 27

Original Poster
Rep: Reputation: 0
Thank you Anomie, I tested the chage option now and it does work, even when using ssh or other connection methods.

Regards
Machiel
 
Old 03-17-2011, 11:08 AM   #5
mikey99
Member
 
Registered: Nov 2008
Location: UK
Distribution: RHEL, Fedora
Posts: 68

Rep: Reputation: 12
Quote:
Originally Posted by anomie View Post
You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.

My suggestion:
Code:
# chage -M 3650 -d 1985-01-01 <user_here>
A better solution is

Code:
# chage -d 0 <user_here>
ie, if the user has never changed their password, it will force a password change.

In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years.
 
Old 03-17-2011, 02:36 PM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by mikey99
A better solution is

Code:
# chage -d 0 <user_here>
ie, if the user has never changed their password, it will force a password change.

In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years.
Thanks for the note. I've not tested your solution, but I will take a look.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to force user to change password after expiration in Linux? ssy68 Linux - Newbie 4 06-30-2011 02:54 PM
How to force a user to change their NIS password at logon? synthol6 AIX 1 08-17-2010 08:47 PM
Create user add file with default password and force user to change it? Morgandy Linux - Newbie 3 02-02-2010 05:06 PM
RH 5.2 - First login: Force root password change le_forban Linux - Enterprise 2 01-20-2009 07:24 AM
redhat pre 7.2 had login.def to force standard user to sign on first ForumKid Linux - General 1 08-14-2003 04:32 PM


All times are GMT -5. The time now is 06:12 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration