LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-10-2011, 06:26 AM   #1
noir911
Member
 
Registered: Apr 2004
Posts: 682

Rep: Reputation: Disabled
Let users to change password when locked-out


My company has policy that user accounts expire once a month and they also get locked out if they re-try login more than 3 times (pam_tally). It gets very annoying every time they come and ask to get password changed.

How do I let users change their own password? Also let the system email them every day for two weeks before password expiration and until they change their password?

Thanks.
 
Old 03-10-2011, 06:32 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297Reputation: 1297
Hello,

Are your users prohibited to change their own passwords? Have you had it tried at user level? Normally a password is user defined and users can change them using the passwd utility.

If you're looking for a way to automate notification about expiration of passwords, then look here for some ideas. Easily adapted to your needs. Of course you need to be able to send out emails from that server which I assume you are.

Kind regards,

Eric
 
Old 03-10-2011, 06:34 AM   #3
spoovy
Member
 
Registered: Feb 2010
Location: London, UK
Distribution: Scientific, Ubuntu, Fedora
Posts: 373

Rep: Reputation: 43
passwd has setuid bit set by default. Users can change their own passwords just by running 'passwd'. Unless you have additional restrictions on there (maybe the sysadmin has removed the setuid bit?).
 
Old 03-11-2011, 02:32 AM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
What about using ssh-keys or hostbased-authentication?
 
Old 03-11-2011, 03:58 PM   #5
noir911
Member
 
Registered: Apr 2004
Posts: 682

Original Poster
Rep: Reputation: Disabled
Users can try SSH 3 times - after which they get locked out of the system via pam_tally so they cannot log back in again to execute the passwd(1) command.

ssh-keys could be good but they would use it without password which is deemed insecure.
 
Old 03-11-2011, 04:29 PM   #6
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Quote:
Originally Posted by noir911 View Post
ssh-keys could be good but they would use it without password which is deemed insecure.
First this would be to educate the users not to use it with an empty passphrase. Do you maintain also their workstations? A passphraseless private key looks different from one with any attached passphrase and can be detected by a cron-job or alike. We use only ssh-key login and disabled login by passwords. So any intruder needs at least to get his hand on a private key.

NB: Why is there no pam module for ssh-keygen like it is for passwd to impose some restrictions on the passphrase?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How can the non-root users change their password if....... challavijay Linux - Newbie 3 07-31-2010 03:55 PM
Avoid users to change password sinchan_ Linux - General 10 10-21-2009 03:48 PM
Help in LDAP; Users can change their password ashwintumma Linux - Software 1 08-22-2009 11:24 AM
Best way for users to change/recover password psychobyte Linux - Networking 1 01-18-2006 01:58 AM
How to get a list of users with their password status (expired, account locked...)? ricky_ds Linux - General 6 02-28-2005 10:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration