FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-28-2012, 01:23 PM
Fabien Archambault
 
Default NIS expiration of passwords

Dear all,

I have a NIS server which shares a database of users between some
computers (nodes exactly) and I would like that, on the first login,
the user changes its password.

So, on the NIS server I have made: chage -d 0 USER
Then:
# cd /var/yp
# make

On the NIS server I have:
chage -l USER
Last password change : password
must be changed
Password expires : password
must be changed
Password inactive : password
must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7


I would believe this information is shared from the server to the
other computers but here users still can connect (via SSH). If I try
to get the information on the user connected I have:
# chage -l USER
user 'USER' does not exist in /etc/passwd

This looks normal as there is no user there but then I do not know how
to enable the expiration information through NIS. Do someone has an
idea?

Thanks,
Fabien
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-28-2012, 08:49 PM
Michael Coffman
 
Default NIS expiration of passwords

On Thu, Jun 28, 2012 at 7:23 AM, Fabien Archambault <
fabien.archambault@univ-amu.fr> wrote:

> Dear all,
>
> I have a NIS server which shares a database of users between some
> computers (nodes exactly) and I would like that, on the first login,
> the user changes its password.
>
> So, on the NIS server I have made: chage -d 0 USER
> Then:
> # cd /var/yp
> # make
>
> On the NIS server I have:
> chage -l USER
> Last password change : password
> must be changed
> Password expires : password
> must be changed
> Password inactive : password
> must be changed
> Account expires : never
> Minimum number of days between password change : 0
> Maximum number of days between password change : 99999
> Number of days of warning before password expires : 7
>
>
> I would believe this information is shared from the server to the
> other computers but here users still can connect (via SSH). If I try
> to get the information on the user connected I have:
> # chage -l USER
> user 'USER' does not exist in /etc/passwd
>
> This looks normal as there is no user there but then I do not know how
> to enable the expiration information through NIS. Do someone has an
> idea?
>
>
You can't. NIS on linux does not support password aging.



> Thanks,
> Fabien
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
-MichaelC
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-06-2012, 11:12 PM
Ross Walker
 
Default NIS expiration of passwords

On Jun 28, 2012, at 4:49 PM, Michael Coffman <michael.coffman@avagotech.com> wrote:

>> I would believe this information is shared from the server to the
>> other computers but here users still can connect (via SSH). If I try
>> to get the information on the user connected I have:
>> # chage -l USER
>> user 'USER' does not exist in /etc/passwd
>>
>> This looks normal as there is no user there but then I do not know how
>> to enable the expiration information through NIS. Do someone has an
>> idea?
>>
>>
> You can't. NIS on linux does not support password aging.

If your using NIS then I would use Kerberos for the users passwords to maintain security. If your using Kerberos then I believe password aging is handled on the Kerberos server.

-Ross

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 10:01 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org