Re: (RADIATOR) Password Expiration
Hello Ferhat - On Sun, 21 Nov 1999, Ferhat Dilman wrote: Hi, Not just AuthBy SYSTEM. We are using SQL database for example. Assume that we have set the field EXPIRE=15 and WARN=3. That means every 15 days, the user must change his/her password and probably will receive warning messages 3 days before. S/he may change his/her password either last day thru the black terminal script screen or in a way in the web server (this is easy part) My solution would be: 1- Password is set. 15 days left for changing. 3 days for warning. EXPIRE=15, WARN=3 2- Every day a backend stored procedure runs for every user and will change/remove password which is PASSWORD_CREATED+EXPIRESYSDATE (PASSWORD_CREATED (date format, is the date password created) 2- User will receive warning automatically in both black screen to change his password, and will also receive e-mail. 3- user changes his password using a web interface. and set (EXPIRE=SYSDATE+15) 4- user forgets to change his password and the final day arrives. his password expired. when he tries to re-connect he will receive "Password Expired, please use guest/guestpassword account to change password" message. User may connect to ONLY password-change page which is secure. After password changed, user may connect regularly using all services. This is my solution without (or minimal) change in radiator. What if this functionality is default in radius.cfg configuration items? (The minimal change would be to add request denied - password expired message into perl scripts and additional select statements for SQL database) And I will have to add guest/guestpassword account with IP-filter into password-change page ONLY. Now you have confused me - it looks like you have already solved the problem? Just to clarify things, what would you like to see added to Radiator? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fwd: Re: (RADIATOR) Password Expiration
-- Forwarded Message -- Subject: Re: (RADIATOR) Password Expiration Date: Sat, 20 Nov 1999 08:41:16 -0800 (PST) From: Jason Godsey [EMAIL PROTECTED] I have a cgi that allows users to change their password, it connects to a simple daemon that will change the users password. The daemon is a simple perl script that is handled by tcpserver (written by qmail's author) and seems to work great :) On Sat, 20 Nov 1999, Hugh Irvine wrote: Date: Sat, 20 Nov 1999 13:23:31 +1100 From: Hugh Irvine [EMAIL PROTECTED] To: Ferhat DILMAN [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Lutfi YUNUSOGLU [EMAIL PROTECTED] Subject: Re: (RADIATOR) Password Expiration Hello Ferhat - On Thu, 18 Nov 1999, Ferhat DILMAN wrote: %_Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Well, we can certainly extend the use of getspnam to return some additional information, but I'm not sure how you would go about letting the user change his password? Can you be more specific? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Password Expiration
Hi, Not just AuthBy SYSTEM. We are using SQL database for example. Assume that we have set the field EXPIRE=15 and WARN=3. That means every 15 days, the user must change his/her password and probably will receive warning messages 3 days before. S/he may change his/her password either last day thru the black terminal script screen or in a way in the web server (this is easy part) My solution would be: 1- Password is set. 15 days left for changing. 3 days for warning. EXPIRE=15, WARN=3 2- Every day a backend stored procedure runs for every user and will change/remove password which is PASSWORD_CREATED+EXPIRESYSDATE (PASSWORD_CREATED (date format, is the date password created) 2- User will receive warning automatically in both black screen to change his password, and will also receive e-mail. 3- user changes his password using a web interface. and set (EXPIRE=SYSDATE+15) 4- user forgets to change his password and the final day arrives. his password expired. when he tries to re-connect he will receive "Password Expired, please use guest/guestpassword account to change password" message. User may connect to ONLY password-change page which is secure. After password changed, user may connect regularly using all services. This is my solution without (or minimal) change in radiator. What if this functionality is default in radius.cfg configuration items? (The minimal change would be to add request denied - password expired message into perl scripts and additional select statements for SQL database) And I will have to add guest/guestpassword account with IP-filter into password-change page ONLY. My 2 cents. Best Regards, Ferhat - Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Ferhat DILMAN" [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: "Lutfi YUNUSOGLU" [EMAIL PROTECTED] Sent: 20 Kasm 1999 Cumartesi 04:23 Subject: Re: (RADIATOR) Password Expiration Hello Ferhat - On Thu, 18 Nov 1999, Ferhat DILMAN wrote: %_Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Well, we can certainly extend the use of getspnam to return some additional information, but I'm not sure how you would go about letting the user change his password? Can you be more specific? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Password Expiration
I was wrong. In 3. it must be: set PASSWORD_CREATED=SYSDATE (EXPIRE is still 15. :)) - Original Message - From: "Ferhat Dilman" [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: "Lutfi YUNUSOGLU" [EMAIL PROTECTED] Sent: 21 Kasm 1999 Pazar 03:21 Subject: Re: (RADIATOR) Password Expiration Hi, Not just AuthBy SYSTEM. We are using SQL database for example. Assume that we have set the field EXPIRE=15 and WARN=3. That means every 15 days, the user must change his/her password and probably will receive warning messages 3 days before. S/he may change his/her password either last day thru the black terminal script screen or in a way in the web server (this is easy part) My solution would be: 1- Password is set. 15 days left for changing. 3 days for warning. EXPIRE=15, WARN=3 2- Every day a backend stored procedure runs for every user and will change/remove password which is PASSWORD_CREATED+EXPIRESYSDATE (PASSWORD_CREATED (date format, is the date password created) 2- User will receive warning automatically in both black screen to change his password, and will also receive e-mail. 3- user changes his password using a web interface. and set (EXPIRE=SYSDATE+15) 4- user forgets to change his password and the final day arrives. his password expired. when he tries to re-connect he will receive "Password Expired, please use guest/guestpassword account to change password" message. User may connect to ONLY password-change page which is secure. After password changed, user may connect regularly using all services. This is my solution without (or minimal) change in radiator. What if this functionality is default in radius.cfg configuration items? (The minimal change would be to add request denied - password expired message into perl scripts and additional select statements for SQL database) And I will have to add guest/guestpassword account with IP-filter into password-change page ONLY. My 2 cents. Best Regards, Ferhat - Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Ferhat DILMAN" [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: "Lutfi YUNUSOGLU" [EMAIL PROTECTED] Sent: 20 Kasm 1999 Cumartesi 04:23 Subject: Re: (RADIATOR) Password Expiration Hello Ferhat - On Thu, 18 Nov 1999, Ferhat DILMAN wrote: %_Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Well, we can certainly extend the use of getspnam to return some additional information, but I'm not sure how you would go about letting the user change his password? Can you be more specific? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Password Expiration
Hello Ferhat - On Thu, 18 Nov 1999, Ferhat DILMAN wrote: %_Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Well, we can certainly extend the use of getspnam to return some additional information, but I'm not sure how you would go about letting the user change his password? Can you be more specific? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Password Expiration
Title: Password Expiration Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Thanks, Ferhat
Re: (RADIATOR) Password Expiration
About this issue... would be very interesting to support in future releases system native password expirations in AuthBy SYSTEM. getspnam() funcion in Shadowf can get this information from /etc/shadow file or any other method in nsswitch. Cheers. Félix Ferhat DILMAN wrote: Hi, Is there a workaround/solution for password expiration in radiator? What we basically would like to do is to enable password changing in the black terminal script screen or another way just after user gets the authentication. Thanks, Ferhat -- __ DATAGRAMA SERVICIOS GLOBALES IP C/ Acer 30 Pho: +34 93 223 00 98 08038 Barcelona ( SPAIN )Fax: +34 93 223 12 66 mailto:[EMAIL PROTECTED] http://www.datagrama.net __ ÿ Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.