NIS password change forcing

[Patrick Szuta]

Is it possible to implement password expiration with NIS?
Or does anyone have some other suggestions for forcing the users
to change passwords.
Thanks.

[phn@icke-reklam.ipsec.nu]

Patrick Szuta <pat@u00.math.uiuc.edu> wrote:

> Is it possible to implement password expiration with NIS?

No

> Or does anyone have some other suggestions for forcing the users
> to change passwords.
> Thanks.

Start with asking yourself if password aging enhances your security
( as opposed to good passwords and good procedures)

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.

[K7MEM]

[email]phn@icke-reklam.ipsec.nu[/email] wrote:

> Patrick Szuta <pat@u00.math.uiuc.edu> wrote:
>

>>Is it possible to implement password expiration with NIS?

>
> No
>

>>Or does anyone have some other suggestions for forcing the users
>>to change passwords.
>>Thanks.

>
>
> Start with asking yourself if password aging enhances your security
> ( as opposed to good passwords and good procedures)
>

When someone asks this question it usually has little to do with whether
the users have good passwords or not. In my case it is a corporate
directive that had to be implemented. We use the field in the "shadow"
file that stores the date of the last password change. A perl script run
from cron checks all the NIS entries every morning. 10 days before the
password is to expire, notices are sent. If the password is not changed
in time, the users shell is removed. The script has also been expanded
to disable expired accounts that are older than 180 days.

The entry in the password file is the number of days since January 1,
1970 so it does take a little math the figure things out. We have been
using this method for years and it works great.

--
Martin E. Meserve
[email]k7mem@myrealbox.com[/email]