System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way of getting all users to change their password upon next login

 
Mark Parsons
Valued Contributor

Is there a way of getting all users to change their password upon next login

Hi,

We have been asked to set all user accounts to have 15+ character passwords. I have therefore set MIN_PASSWORD_LENGTH to 15 in /etc/defaults/security.

I now need to force ALL users to change their password accordingly on their next login (just the next login - not anymore after that) but I cant seem to find any option or variable to allow me to do this for all - it looks like you can only do it on a one account at a time only basis i.e. 

passwd -f user-name or /usr/lbin/modprpw -e user-name

Any suggestions? HP release is 11.31

Many thanks.

3 REPLIES 3
ranganath ramachandra
Esteemed Contributor

Re: Is there a way of getting all users to change their password upon next login

Did this modprpw(1M) option not work for your requirement?

 

-E   This option is specified WITHOUT a user name to expire all user's
     passwords.  It goes through the protected password database and
     zeroes the successful change time of all users.  The result is
     all users will need to enter a new password at their next login.

 

 
--
ranga
(i work for hpe)
Bill Hassell
Honored Contributor

Re: Is there a way of getting all users to change their password upon next login

There isn't an expire-everyone option because it can break administrative logins. You have to be selective but it would be a simple editing task. Create a file with just the usernames you want to force the password change. You can then use vi to insert the passwd or modprpw text in front of each user name. Then run the file: # sh /tmp/usernames



Bill Hassell, sysadmin
Mark Parsons
Valued Contributor

Re: Is there a way of getting all users to change their password upon next login

I guess though that modprpw -E will do any / all accounts in the password file and there is probably some accounts that you might not want to do that to?