Help with password expire

2003-09-07 Thread Chris Petrik
I am trying to use FreeBSD's way of password expiration to make it so I need 
to change my password every 30 days. I've got:
:warnpassword=4d:\
:passwordtime=30d:
in my /etc/login.conf, and did a cap_mkdb /etc/login.conf.
I tried to change the password of one of my users using passwd and it doesn't 
seem to add a change time to it. According to chpass, the:
Change [month day year]:
stays unchanged. If I manually add the change time using pw, it adds the 
change time, but if I change the password it doesn't add a new change time. Do 
I need to edit /etc/pam.d/passwd and uncomment the top line that's 
commented out? Cause it seems to be broken atm, as it doesn't do what I ask 
it to do.
If you need anything else please let me know.

-chris


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Help with password expire

2003-09-07 Thread Glenn Johnson
On Sun, Sep 07, 2003 at 04:31:33PM -0700, Chris Petrik wrote:

> I am trying to use FreeBSD's way of password expiration to make it so
> I need to change my password every 30 days. I've got:
> :warnpassword=4d:\
> :passwordtime=30d:
> in my /etc/login.conf, and did a cap_mkdb /etc/login.conf. I tried to change
> the password of one of my users using passwd and it doesn't seem to
> add a change time to it. According to chpass, the: Change [month day
> year]: stays unchanged. If I manually add the change time using pw,
> it adds the change time, but if I change the password it doesn't add a
> new change time. Do I need to edit /etc/pam.d/passwd and uncomment
> the top line that's commented out? Cause it seems to be broken atm, as
> it doesn't do what I ask it to do. If you need anything else please let
> me know.

A password expiry system is not natively implemented in FreeBSD although
the password expiry field in the password database allows one to set up
a system.

The users on the system where I work log in mostly via gdm so I set
up some checks in the PreSession file to check the password expiry
field and call passwd if the password has expired.  After a successful
password change, the pw command is called to reset the expiry field.  To
catch the case where a user changes the password at a time other than
when prompted via the PreSession script I set up a script that runs via
periodic/daily.  This script checks the expiry field and if 0 it calls
pw to set the expiry field to the appropriate value.  Since this runs
daily, the assumption is that the password was changed within the last
24 hours.

The password warning feature works really well with gdm as it pops up a
dialog box.  There is no warning at console logins but I am the only one
allowed to log in at the console so that is not a big deal for me but 
may be for you.

There is a warning displayed during an ssh login but it is very easy
to miss it as it scrolls off the screen.  One warning about ssh: Once
the user's password has expired, ssh will not allow the login thereby
locking out that user from that mode of access.  This is not FreeBSD
specific.

There are probably several ways to write scripts for this and they would 
have to be tailored to your situation but hopefully I have given you 
some ideas about how to proceed.  One thing that will definitely 
influence how you ultimately set this up is whether you use NIS or not.

-- 
Glenn Johnson
[EMAIL PROTECTED]
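
An added sketch of the periodic/daily check described in the reply above; it is not Glenn Johnson's script. It reads master.passwd-format lines and prints, as a dry run, the pw commands that would set a 30-day password expiry on accounts whose change field is 0. The function names, the UID 1000 cutoff and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: dry-run planner for the daily expiry reset described above.
# master.passwd: name:hash:uid:gid:class:change:expire:gecos:home:shell
# Field 6 ("change") is the password expiry time; 0 or empty means unset.

MAX_AGE_DAYS=30   # matches passwordtime=30d from the question
MIN_UID=1000      # assumption: human accounts start at UID 1000

# plan_expiry_resets NOW_EPOCH  (reads master.passwd-format lines on stdin)
# Prints one "pw usermod" command per account that needs its expiry set.
plan_expiry_resets() {
    awk -F: -v now="$1" -v days="$MAX_AGE_DAYS" -v min="$MIN_UID" '
        /^#/ || NF != 10        { next }  # comments, malformed lines
        $3 < min                { next }  # system accounts
        $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { next }  # unexpected names
        $2 == "" || $2 ~ /^\*/  { next }  # no usable password, or locked
        $6 != "" && $6 != 0     { next }  # expiry already set
        { printf "pw usermod -n %s -p %d\n", $1, now + days * 86400 }
    '
}

# Constructed sample data, not taken from a real system.
sample_master_passwd() {
    cat <<'EOF'
root:$1$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
alice:$1$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$constructedhash:1002:1002::1064000000:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$constructedhash:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:$1$constructedhash:1004:1004:::0:Dave:/home/dave:/bin/sh
EOF
}

# Review the plan first; on the FreeBSD host the input would be
# /etc/master.passwd and the output would be run as root.
sample_master_passwd | plan_expiry_resets "$(date +%s)"
```

An account that has never had an expiry set also carries 0 in the change field, so the first run stamps every such account with a fresh 30-day window regardless of how old its password actually is.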