Hi,
Not just AuthBy SYSTEM. We are using SQL database for example.
Assume that we have set the field EXPIRE=15 and WARN=3. That means every 15
days, the user must change his/her password and probably will receive
warning messages 3 days before. S/he may change his/her password either last
day thru the black terminal script screen or in a way in the web server
(this is easy part)
My solution would be:
1- Password is set. 15 days left for changing. 3 days for warning.
EXPIRE=15, WARN=3
2- Every day a backend stored procedure runs for every user and will
change/remove password which is PASSWORD_CREATED+EXPIRE>SYSDATE
(PASSWORD_CREATED (date format, is the date password created)
2- User will receive warning automatically in both black screen to change
his password, and will also receive e-mail.
3- user changes his password using a web interface. and set
(EXPIRE=SYSDATE+15)
4- user forgets to change his password and the final day arrives. his
password expired. when he tries to re-connect he will receive "Password
Expired, please use guest/guestpassword account to change password" message.
User may connect to ONLY password-change page which is secure. After
password changed, user may connect regularly using all services.
This is my solution without (or minimal) change in radiator. What if this
functionality is default in radius.cfg configuration items?
(The minimal change would be to add request denied - password expired
message into perl scripts and additional select statements for SQL database)
And I will have to add guest/guestpassword account with IP-filter into
password-change page ONLY.
My 2 cents.
Best Regards,
Ferhat
----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Ferhat DILMAN" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "Lutfi YUNUSOGLU" <[EMAIL PROTECTED]>
Sent: 20 Kasım 1999 Cumartesi 04:23
Subject: Re: (RADIATOR) Password Expiration
>
> Hello Ferhat -
>
> On Thu, 18 Nov 1999, Ferhat DILMAN wrote:
> > >%_Hi,
> >
> > Is there a workaround/solution for password expiration in radiator?
> >
> > What we basically would like to do is to enable password changing in the
> > black terminal script screen or another way just after user gets the
> > authentication.
> >
>
> Well, we can certainly extend the use of getspnam to return some
additional
> information, but I'm not sure how you would go about letting the user
change
> his password?
>
> Can you be more specific?
>
> thanks
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
