Hi all,
i Have a qmail server running nicely , now i need to enforce the users to change their passwords in a timely manner, that is every qmail users password should expire after 90 days , but my qmail GUI or comand line tool does not equiped with an option for password aging or expiry of password ,frome some documents me got an idea about to edit /etc/login.defs , but am not sure about the configuration with that file
so it will be greatfull if some one helps me to solve this issue with my mail server... and i googled a bit but those search are not able to provide more help on this topic

Thanks&Regards
Hamza

What's the security reasoning behind a change every 90 days?
* Fred Cohen revisits his 1997 writing http://all.net/Analyst/2011-04.pdf
* RJA - http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c02.pdf
* Spaf - http://www.cerias.purdue.edu/site/bl...-change-myths/
* Schneier - http://www.schneier.com/blog/archive...ng_passwo.html

hi inosaurusroot, actually we using qmail for intranet mail, its a little bit huge organisation so many employees are joining and leaving company and also a chance for passing passwords to colegues. that was the reason for forcing passwrd change... the links u given are absolutely right ... but i cant take it as a policy cos policies are held by heads of dptmnt ... it wil be very help ful if u giving a a way to implement this policy
thanks
hamza