Hello all.

I am working on a project to write a script in Perl to set a random password on a remote host and am looking for ways to make the password expire after a set period of time. I posted on the Perl forums and they referred me to visit Linux forums.

In the scipt, I simply ssh into the host and then run a 'passwd' for the user name I am generating a password for. I wanted to use one of the arguments for 'passwd' to make it expire after 1 day (such as 'password -x -1 [username]'), but I do not have the account priveleges, and I do not believe the script will be run on root.

Are there any other ways I can reset the password remotely after a set period of time?

OR is there a way to automatically create a one-time password that expires after login?

Another thing I might mention is that the password would need to be changed within the hour it was set.

I don't know of any commands that will allow you to set a password to expire so soon? The only things I can think of is simply having the program wait for a little bit before changing the password?

Any thoughts would be appreciative. Thanks in advance!

Linux (and every Unix I've used) perform password expiration on a daily basis, not an hourly one. This requires superuser (root) privileges to set up, but once set up, every password would expire after the number of days set. Like you mention, the -x option can override this (it's actually "passwd -x 1 [username]") but you would also need to override the mindays to 0 so it could be reset All that being said, it won't work for you as you need the password to expire after an hour, not a day. You could leave the process running after you change the password the first time with a "sleep 3600" and then change the password again, or you could set a timestamp in a file somewhere and check it with a cron job.

You probably don't want to run the cronjob every minute to check for a password change ticket though. If you set it to run every 5 minutes to look for a ticket that was older then an hour the passwords would timeout after at most an hour and 4 minutes 59 seconds. That is probably sufficient, however you would be the one to judge that. This would also not put as much load on your system to do something that won't be necessary 95+% of the time. You can increase the time between checks to suit your needs, the faster you do it, the more accurate your timeout will be at the expense of using more resources. You'll need to judge a happy medium between the two.

The second way this can be done, keeping the process open and sleeping for an hour, you leave a lot of resources tied up, but they would likely be swapped out and wouldn't use very much CPU. Enough of them at once though and it could cause serious resource utilization issues to your system.

HTH

Forrest

forrestt, thanks for the advice. I did create a cronjob to run every 5minutes. It seems to be working as expected.

Appreciate the input.

3SRT, no problem. Glad I could help.

Forrest