RHat 9 password expiration
 

Has anyone seen this sort of behavior?
On a Red Hat 9 installation I have aprox. 75 user accounts and four groups. For some unexplained reason every few days ALL the accounts suffer from the password expiration flag getting set to yes. When this happens I must open each account and reset the flag to no.

1 Does anyone have any insight into why the mysterious password expiration state change occurs?

2 Is there a way to globally set this flag for all accounts?

Your problem is with the /etc/shadow file where, along with other stuff, the password aging settings are stored (see `man 5 shadow``). These settings can be viewed and modified with the chage command. Try running chage -l on one of your users. If you see something other than 'Never' on the 'Password Expires' line then that's your culprit.

To fix, you will need to reset the 'maxdays' (maximum number of days before password expires) value to 99999, which is the default.

chage -M99999 username

should do the trick. As for how to apply this globally, I'm not sure. You may just have to write a script that runs chage on each of your users.

Good luck,
--Brad

Password expiration is not on by default. The command line utilty "chage" is used to manage this (if you are using the default password shadowing). See "man chage" for more information.

Issue a "chage -l root" or some other user to see what their settings are. Look in /etc/shadow and you can see how these settings are stored. I am not sure how this is managed beyond the individual user, but you could edit /etc/shadow by hand or script to correct this for all users.

The defaults for new users is kept in "/etc/login.defs"

If you are having to continually change these settings and people are having to continually change their passwords... you may need to be concerned. That sounds like a trojan for capturing passwords if I have ever heard of one.

-K

Ooh, good one. Hadn't thought of that.