How to force automatic change of password?
NoOp
glgxg at sbcglobal.net
Wed Apr 22 23:06:10 UTC 2009
On 04/22/2009 01:13 PM, Brian McKee wrote:
> On Wed, Apr 22, 2009 at 1:15 AM, Jonathan D. Armendariz
> <jarmenda at armendariz.me> wrote:
>> Hello,
>>
>> I had a question that hopefully I'll be able to articulate successfully.
>> At work the policy is that automatically we have to change out
>> login/network passwords every 60 days or so. Having poked around a bit
>> here (9.04) I failed to see a way to set this up in such a manner on my
>> box. I'm wondering if this is possible and if so, how? Any suggestions
>> would certainly be helpful!
>
> The others have provided info on how to do so. Just beware one gotcha
> you might run into.
>
> If you change a password using passwd, it does not update the Gnome
> login keyring password.
> It will still be set to the old value. I don't know if changing your
> password thru one of the GUI tools updates the keyring password or
> not.
>
> Fixing it is simple using the Keyring app (in preferences) but it's
> confusing until you know what's going on.
>
> Brian
>
> PS I've never forced a time limit before - I wonder how the user is
> presented with the issue if he runs out of time and only ever uses the
> GUI or <shudder> auto login.... hmmmm
>
Not sure about auto login, however when changed using:
sudo chage <username>
the user is warned about a required change at the login screen. If the
password needs to be reset immediately, the user is prompted for old
password/new password + verify. If the password is too similar to the
old it will not be accepted. I just tested on another account; set the
expire for today & then switched users to login.
Was:
$ sudo chage -l <username>
Last password change : Jan 14, 2009
Password expires : Jan 15, 2009
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 1
Number of days of warning before password expires : 7
Changed:
$ sudo chage -l <username>
Last password change : Apr 22, 2009
Password expires : Apr 23, 2009
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 1
Number of days of warning before password expires : 7
Changed it back to defaults:
$ sudo chage -l <username>
Last password change : Apr 22, 2009
Password expires : Apr 22, 2009
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 0
Number of days of warning before password expires : 7
I've another machine with auto login that I can test on to see what
happens there, but can't do it until later this afternoon. Also, I
suspect that doing the password change this way does/may create issue
with keyring as you mentioned. With the new password in place things
were slow & stalled - my guess is that the keyring stuff was trying to
timeout due to failed password, but that will take a little more testing.
More information about the ubuntu-users
mailing list