LinuxQuestions.org

machielr 03-16-2011 04:29 AM

REDHAT missing functionality - force user to change password on login
 
Good day all

I have now been trying to find an answer for the following for a while and can't seem to get anything.

On previous Linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.

This functionality however seems to be excluded from the latest Linux distros (currently using RHEL 5.4)...

Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords?

Regards
Machiel

anomie 03-16-2011 11:35 AM

You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.

My suggestion:
Code:

# chage -M 3650 -d 1985-01-01 <user_here>

machielr 03-17-2011 12:54 AM

Hi Anomie

I was thinking of using chage as well; however, some posts that I have found at different sources suggest that this does not work when users use the ssh protocol to connect to the systems.

I will however give it a try with one of the users in order to test whether it works or not.

Regards
Machiel

machielr 03-17-2011 12:57 AM

Thank you Anomie, I tested the chage option now and it does work, even when using ssh or other connection methods.

Regards
Machiel

mikey99 03-17-2011 11:08 AM

Quote:

Originally Posted by anomie (Post 4292732)
You may force a user password change on RHEL5 using the chage(1) command. Please read its manpages.

My suggestion:
Code:

# chage -M 3650 -d 1985-01-01 <user_here>

A better solution is

Code:

# chage -d 0 <user_here>

i.e., if the user has never changed their password, it will force a password change.

In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years.
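
The difference between the two commands discussed above, as an added shell example that is not part of any post in this thread: it classifies constructed shadow(5) entries under a simplified model of the aging fields. The function name `aging_state`, the sample accounts and the `HASH` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified model of the shadow(5) aging
# fields; exact boundary-day handling differs between login/PAM versions.

# aging_state <shadow_line> <today_as_days_since_1970-01-01>
# Prints: account-expired | aging-disabled | must-change | locked-out | ok
aging_state() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        lastchg = $3; max = $5; inactive = $7; expire = $8
        if (expire != "" && today >= expire + 0) { print "account-expired"; exit }
        if (lastchg == "")    { print "aging-disabled"; exit }
        # chage -d 0: change required at next login, inactive is not consulted
        if (lastchg + 0 == 0) { print "must-change"; exit }
        if (max == "")        { print "ok"; exit }
        age = today - lastchg
        # expired longer than the inactive grace period: login refused
        if (inactive != "" && age > max + inactive) { print "locked-out"; exit }
        if (age > max + 0)    { print "must-change"; exit }
        print "ok"
    }'
}

# Day number for 2011-03-17 (the date of the thread).
# For a live check use: TODAY=$(( $(date +%s) / 86400 ))
TODAY=15050

# Constructed sample entries (HASH is a placeholder, 5479 = 1985-01-01):
#   alice: chage -M 3650 -d 1985-01-01, inactive field = 30
#   bob:   same command, inactive field empty
#   carol: chage -d 0, inactive field = 30
for entry in \
    'alice:HASH:5479:0:3650:7:30::' \
    'bob:HASH:5479:0:3650:7:::' \
    'carol:HASH:0:0:90:7:30::'
do
    printf '%s\t%s\n' "${entry%%:*}" "$(aging_state "$entry" "$TODAY")"
done
```

Running the function over a copy of the real shadow file before changing `-d` shows which accounts already carry an inactive value.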

anomie 03-17-2011 02:36 PM

Quote:

Originally Posted by mikey99
A better solution is

Code:

# chage -d 0 <user_here>

i.e., if the user has never changed their password, it will force a password change.

In your example, if the password inactive field is also set, it may lock the user out entirely due to the user not changing their expired password in 26 years.

Thanks for the note. I've not tested your solution, but I will take a look.


All times are GMT -5.