This year was my 4th year handing out password to our yearly 180 new pupils at my school. This year, unlike the other years, I did somethin "clever"; making a mandatory change of password via kdm at first login.
When they logged on with the username and password created by wlus, they were immediately prompted by kdm to change their passwords before kde started. This is how I did this: At about line 109 i /etc/ldap/slapd.conf I added these lines: access to attrs=shadowLastChange by self ssf=128 =wx by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx by * read At about line 1126 in /usr/share/webmin/ldap-users/ldap-users.pl I added these lines: shadowMin =>0, shadowMax =>99999, shadowWarning =>7, shadowLastChange=>0, This prompts everyone to change their password, whether they login via kdm or ssh. The only drawback to this approach is that it only changes the userPassword (Linux password), not sambaLMPassword or sambaNTPassword, but I don't have any windows-machines anyway. Later once they get to know Skolelinux, I introduce them to https://tjener.intern:10000 via a webbrowser, it's nice not having to walk them through changing their passwords in wlus as the first thing they do on Skolelinux, that tends to "scare" people. Feedback and improvements are very welcome, especially if these changes that I made to slapd.conf and ldap-users.pl are sane, and if it is possible to also get the sambaLMPassword and sambaNTPassword changed this way (I suspect kdepasswd needs to be disciplined to do this). Klaus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]