
Re: Change password

 
juno2
Super Advisor

Change password

I want to have a script to force the users to regularly change the login password on RH 8. Can anyone post the script for me? Thanks in advance.
16 REPLIES
Jerome Henry
Honored Contributor

Re: Change password

Hi,

There is better than a script, it's a direct command (ah, UNIX...), called 'chage'.
Do a 'man chage' for more details. You can choose how often the password must be changed, you can warn users several days in advance with personalized messages, and so on...

J
You can lean only on what resists you...
twang
Honored Contributor

Re: Change password

To 'useradd' a new account with '-f days' option:
Number of days after the password expires until the account is disabled. (If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account will not be disabled after the password expires.)

To 'usermod' an existing account with '-f days' option:
The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of 0 disables the feature.
juno2
Super Advisor

Re: Change password

Thanks for the reply,

I tried chage, but there is a big problem: it doesn't allow two or more users to change their password at the same time. It hangs at the screen below. Can you suggest what is wrong in our system? Thanks.

login: user2
You are required to change your password immediately (root enforced)
juno2
Super Advisor

Re: Change password

My commands are:

# chage -d0 userid1
# chage -d0 userid2

But when userid1 is changing the password, userid2 can't change the password at the same time. We have about 200 users, so it is a big problem for us. Can you suggest how to solve it? Thanks.
Jerome Henry
Honored Contributor

Re: Change password

I feel the problem comes from your -d option, which is used to set when the password was last changed. Inputting -d0 implies that the password was last changed in 1970, which may indeed cause problems.

Try chage this way :

chage -M 30 -W 5 Mary

This makes Mary change her password every 30 days, and be warned 5 days before that she'll have to change it...

hth

J
You can lean only on what resists you...
juno2
Super Advisor

Re: Change password

Thx Henry,

If I don't use -d0, how do I force the user to change the password at the first login? Thanks.
Jerome Henry
Honored Contributor

Re: Change password

To change the password immediately, I would use -d, but not -d0, which indicates the year 1970!

I would use :

chage -d 2003/07/17 -M 30 -W 5 Mary

I tell the machine that Mary changed her password on July 17th, 30 days ago, so she'll have to change it today! And then every 30 days, warned 5 days before the deadline...

hth

J
You can lean only on what resists you...
juno2
Super Advisor

Re: Change password

Thx Henry ,

I tried the command below, but it still does not force usera to change the password. Can you advise what the problem is in my command? Thanks.

# chage -d 2003/08/14 usera
Jerome Henry
Honored Contributor

Re: Change password

Hello,

There are 2 ways of using chage :

1. Using 'chage usera (enter)'
You are then prompted to define when the password will expire, when it was last changed, and so on.

2. Using 'chage -options usera'. This is what we do with -d or -W or -M.

The problem with your command is that you use the second way, with -d, but you tell the machine when the password was last changed, not how long the password must last. That is the -M option.

If you just want the password to be changed now and once, then just run 'chage usera' and answer the questions asked.

Hope this clears up...

J
You can lean only on what resists you...
juno2
Super Advisor

Re: Change password

Thanks for Henry's reply,

I tried -M0, but it still has the same problem: it doesn't allow two users to change the password at the same time. When one user is held at the change password screen, another user can't change the password at the same time. Is there another solution? Thanks.
Jerome Henry
Honored Contributor

Re: Change password

Hi,

I'm sorry for not making myself clearly understood. Chage is a command that can run one at a time. This means that, yes, you are right, when a user's password is expired and has to be changed, the chage command waits for the change to be validated before being able to do the same for another one.

If 2 users connect to the same machine, at the same expiring moment, the second must wait for the first to change the password before being able to do the same.

That's why we use the -M argument along with -W, which allows users to be warned some days before the expiry date, so they can run 'passwd user' before the deadline, and not face the '100 people logging in at 8 am, all having to change password at the same second' problem.

When it happens that 2 people do it at the same time, if the first doesn't change it fast, I just kill the shell he or she uses, leaving room for the other, as this process should last a few seconds only.

Hope it helps...

J
You can lean only on what resists you...
juno2
Super Advisor

Re: Change password

Hi Henry,

Thank you very much for your help, and I know you really understand my situation. But regarding your method, "When it happens that 2 people do it at the same time, if the first doesn't change it fast, I just kill the shell he or she use, leaving room for the other, as this process should last a few seconds only.": because we have many locations (some in distant areas) connecting to our system, I can't kill all the users that are waiting to change their password, because I would not know whether they are holding at the change password screen so that other users can't change their password at the same time.
Can you suggest another method? Thanks.
juno2
Super Advisor

Re: Change password

Hi Henry,

Please ignore my previous message.
I tried the command below:

# chage -d 2003/08/19 -W5 usera ( today is 2003/8/18 )

I have two problems:

1. The warning message "Warning : Your password will expire in 1 day" is displayed, but the message disappears very fast (less than 1 second), so the user can't actually see it.

2. Is it possible to change the warning message? (e.g. Please change your password within xx days, the password should ....)

Thank you very much for your help.
Jerome Henry
Honored Contributor

Re: Change password

Hello !

1. Try to combine with the -M argument. Besides, it's efficient if the user logs in with a shell, not with X, as X is launched immediately after the message. If that is the case for you, then you could add a wait instruction in .bashrc before startx to solve the problem...

2. I'm afraid not. Maybe it is possible to re-compile the chage command, but I'm not sure. What we do is have a general welcome message (/etc/issue.net or any other file) that is displayed on login for everybody, in which we remind users of a few rules, among which are password durations, the 'passwd usera' command, and some other things.

hth

J

You can lean only on what resists you...
juno2
Super Advisor

Re: Change password

Thanks for the reply. Firstly, the users do not use X Windows; they log in to the shell and access the db. Besides, even though I have added -M, the warning message still appears. How can I make the message stay longer? Thanks.
juno2
Super Advisor

Re: Change password

Is there another method to show the warning message to users before the expiry date? Thanks.
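
Added example, not part of any post in this thread: a shell function that reads the aging fields chage writes (shadow(5) format: lastchg from -d, max from -M, warn from -W) and reports each account's state, so an administrator can see who is in the warning window without relying on the login-time message. The function names, the sample accounts beyond those named in the thread, the max of 99999 for userid1 and usera, and the simplified boundary rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify password-aging state from shadow(5)-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:
# chage -d sets lastchg (days since 1970-01-01), -M sets max, -W sets warn.

# Constructed sample; hashes are placeholders. Day 12282 = 2003-08-18.
sample_shadow() {
cat <<'EOF'
userid1:$1$placeholder:0:0:99999:7:::
Mary:$1$placeholder:12250:0:30:5:::
usera:$1$placeholder:12278:0:99999:7:::
userb:$1$placeholder:12255:0:30:5:::
userc:$1$placeholder:12280:0:30:5:::
svc:!!:12000:0:99999:7:::
EOF
}

# aging_report TODAY_DAYS < shadow-format input
# Prints "user STATUS days_left". Assumption: a password counts as expired
# once today is past lastchg+max; PAM/shadow builds may differ by one day.
aging_report() {
    awk -F: -v today="$1" '
        $2 ~ /^[!*]/ { next }                      # locked account, skip
        {
            last = $3; max = $5; warn = ($6 == "" ? 0 : $6 + 0)
            if (last == "" || max == "") { print $1, "NO_AGING", "-"; next }
            if (last + 0 == 0) { print $1, "FORCED", 0; next }  # chage -d 0
            if (max + 0 < 0 || max + 0 >= 99999) { print $1, "NO_AGING", "-"; next }
            left = last + max - today
            if (left < 0)          print $1, "EXPIRED", left
            else if (left <= warn) print $1, "WARN", left
            else                   print $1, "OK", left
        }'
}

# Accounts to contact before the login prompt has to do it.
needs_notice() {
    aging_report "$1" | awk '$2 == "WARN" || $2 == "EXPIRED" { print $1 }'
}

sample_shadow | aging_report 12282
```

On a live system the same report comes from running, as root, `aging_report $(( $(date +%s) / 86400 )) < /etc/shadow`; accounts shown as NO_AGING have a last-change date but no maximum age, so no change is ever demanded of them.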