Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
03-16-2011, 04:29 AM
|
#1
|
|
LQ Newbie
Registered: Feb 2010
Posts: 27
Rep: 
|
REDHAT missing functionality - force user to change password on login
Good day all
I have now been trying to find an answer for the following for a while and can't seem to get anything.
On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.
This functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...
Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords.
Regards
Machiel
|
|
|
|
|
03-16-2011, 11:35 AM
|
#2
|
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Debian, FreeBSD, Ubuntu (desktop)
Posts: 3,859
Rep: 
|
You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.
My suggestion:
Code:
# chage -M 3650 -d 1985-01-01 <user_here>
|
|
|
|
|
03-17-2011, 12:54 AM
|
#3
|
|
LQ Newbie
Registered: Feb 2010
Posts: 27
Original Poster
Rep:
|
HI Anomie
I was thinking of using chage as well, however from some posts that I have found at different sources, it suggests that this does not work when users use ssh protocol to connect to the systems.
I will however give it a try with one of the users in order to test whether it works or not.
Regards
Machiel
|
|
|
|
|
03-17-2011, 12:57 AM
|
#4
|
|
LQ Newbie
Registered: Feb 2010
Posts: 27
Original Poster
Rep:
|
Thank you Anomie, I tested the chage option now and it does work, even when using ssh or other connection methods.
Regards
Machiel
|
|
|
|
|
03-17-2011, 11:08 AM
|
#5
|
|
Member
Registered: Nov 2008
Location: UK
Distribution: RHEL, Fedora
Posts: 68
Rep: 
|
Quote:
Originally Posted by anomie
You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.
My suggestion:
Code:
# chage -M 3650 -d 1985-01-01 <user_here>
|
A better solution is
Code:
# chage -d 0 <user_here>
ie, if the user has never changed their password, it will force a password change.
In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years. |
|
|
|
|
03-17-2011, 02:36 PM
|
#6
|
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Debian, FreeBSD, Ubuntu (desktop)
Posts: 3,859
Rep:
|
Quote:
|
Originally Posted by mikey99
A better solution is
Code:
# chage -d 0 <user_here>
ie, if the user has never changed their password, it will force a password change.
In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years. |
Thanks for the note. I've not tested your solution, but I will take a look. |
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 10:07 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
