How to force automatic change of password?

NoOp glgxg at sbcglobal.net
Wed Apr 22 23:06:10 UTC 2009


On 04/22/2009 01:13 PM, Brian McKee wrote:
> On Wed, Apr 22, 2009 at 1:15 AM, Jonathan D. Armendariz
> <jarmenda at armendariz.me> wrote:
>> Hello,
>>
>> I had a question that hopefully I'll be able to articulate successfully.
>> At work the policy is that automatically we have to change out
>> login/network passwords every 60 days or so. Having poked around a bit
>> here (9.04) I failed to see a way to set this up in such a manner on my
>> box. I'm wondering if this is possible and if so, how? Any suggestions
>> would certainly be helpful!
> 
> The others have provided info on how to do so.  Just beware one gotcha
> you might run into.
> 
> If you change a password using passwd, it does not update the Gnome
> login keyring password.
> It will still be set to the old value.  I don't know if changing your
> password thru one of the GUI tools updates the keyring password or
> not.
> 
> Fixing it is simple using the Keyring app (in preferences) but it's
> confusing until you know what's going on.
> 
> Brian
> 
> PS I've never forced a time limit before - I wonder how the user is
> presented with the issue if he runs out of time and only ever uses the
> GUI or <shudder> auto login.... hmmmm
> 

Not sure about auto login, however when changed using:

sudo chage <username>

the user is warned about a required change at the login screen. If the
password needs to be reset immediately, the user is prompted for old
password/new password + verify. If the password is too similar to the
old it will not be accepted. I just tested on another account; set the
expire for today & then switched users to login.

Was:
$ sudo chage -l <username>
Last password change					: Jan 14, 2009
Password expires					: Jan 15, 2009
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 1
Maximum number of days between password change		: 1
Number of days of warning before password expires	: 7

Changed:
$ sudo chage -l <username>
Last password change					: Apr 22, 2009
Password expires					: Apr 23, 2009
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 1
Maximum number of days between password change		: 1
Number of days of warning before password expires	: 7

Changed it back to defaults:
$ sudo chage -l <username>
Last password change					: Apr 22, 2009
Password expires					: Apr 22, 2009
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 0
Number of days of warning before password expires	: 7

I've another machine with auto login that I can test on to see what
happens there, but can't do it until later this afternoon. Also, I
suspect that doing the password change this way does/may create issue
with keyring as you mentioned. With the new password in place things
were slow & stalled - my guess is that the keyring stuff was trying to
timeout due to failed password, but that will take a little more testing.








More information about the ubuntu-users mailing list