On 05/02/2010 01:43 PM, Petter Reinholdtsen wrote: > One interesting feature in Active Directory, is the ability to create > a new user with an expired password, and thus force the user to change > the password on the first login attempt. > I'm not quite sure how to do that with the LDAP setup in Debian Edu, > but did some initial testing with a local account. The account and > password aging information is available in /etc/shadow, but > unfortunately, it is not possible to specify an expiration time for > passwords, only a maximum age for passwords.
Using kdm/ssh works nice if you only use ssh/kdm to log in. But if you also use samba, either with windows/mac machines, or linux machine that uses smbfs/cifs (laptops and others), you will get a problem, because kdm/ssh (or more exactly /etc/pam.d/passwd) only changes the unix-password, and not the samba password. And to have the users have a 7 days period for changing the password could be a bad idea, since many schools don't use the computers that often. So the local admin would get a higher workload. The students would experience that their account is locked, and will have to get a new one either from the teacher or the local admin. and it would cause that the students would use the system more seldom. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
