Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   NIS expiration of passwords (http://www.linux-archive.org/centos/678105-nis-expiration-passwords.html)

Fabien Archambault 06-28-2012 01:23 PM

NIS expiration of passwords
 
Dear all,

I have a NIS server which shares a database of users between some
computers (nodes exactly) and I would like that, on the first login,
the user changes its password.

So, on the NIS server I have made: chage -d 0 USER
Then:
# cd /var/yp
# make

On the NIS server I have:
chage -l USER
Last password change : password
must be changed
Password expires : password
must be changed
Password inactive : password
must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7


I would believe this information is shared from the server to the
other computers but here users still can connect (via SSH). If I try
to get the information on the user connected I have:
# chage -l USER
user 'USER' does not exist in /etc/passwd

This looks normal as there is no user there but then I do not know how
to enable the expiration information through NIS. Do someone has an
idea?

Thanks,
Fabien
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Michael Coffman 06-28-2012 08:49 PM

NIS expiration of passwords
 
On Thu, Jun 28, 2012 at 7:23 AM, Fabien Archambault <
fabien.archambault@univ-amu.fr> wrote:

> Dear all,
>
> I have a NIS server which shares a database of users between some
> computers (nodes exactly) and I would like that, on the first login,
> the user changes its password.
>
> So, on the NIS server I have made: chage -d 0 USER
> Then:
> # cd /var/yp
> # make
>
> On the NIS server I have:
> chage -l USER
> Last password change : password
> must be changed
> Password expires : password
> must be changed
> Password inactive : password
> must be changed
> Account expires : never
> Minimum number of days between password change : 0
> Maximum number of days between password change : 99999
> Number of days of warning before password expires : 7
>
>
> I would believe this information is shared from the server to the
> other computers but here users still can connect (via SSH). If I try
> to get the information on the user connected I have:
> # chage -l USER
> user 'USER' does not exist in /etc/passwd
>
> This looks normal as there is no user there but then I do not know how
> to enable the expiration information through NIS. Do someone has an
> idea?
>
>
You can't. NIS on linux does not support password aging.



> Thanks,
> Fabien
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
-MichaelC
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Ross Walker 07-06-2012 11:12 PM

NIS expiration of passwords
 
On Jun 28, 2012, at 4:49 PM, Michael Coffman <michael.coffman@avagotech.com> wrote:

>> I would believe this information is shared from the server to the
>> other computers but here users still can connect (via SSH). If I try
>> to get the information on the user connected I have:
>> # chage -l USER
>> user 'USER' does not exist in /etc/passwd
>>
>> This looks normal as there is no user there but then I do not know how
>> to enable the expiration information through NIS. Do someone has an
>> idea?
>>
>>
> You can't. NIS on linux does not support password aging.

If your using NIS then I would use Kerberos for the users passwords to maintain security. If your using Kerberos then I believe password aging is handled on the Kerberos server.

-Ross

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 06:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.