Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Question about expired/expiring passwords (http://www.linux-archive.org/fedora-directory/692395-question-about-expired-expiring-passwords.html)

"Morris, Patrick" 08-09-2012 08:40 PM

Question about expired/expiring passwords
 
It’s up to the client to support warnings about password expiration (that true in general, not just where LDAP is involved).* I have no idea how, or even if, WS_FTP, Filezilla or pGina support that, but I suspect they don’t.
*
In my environment I’ve written scripts that will send emails when a password is close to expiration, since the clients many of our users connect with will never do it.
*
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of harry.devine@faa.gov
Sent: Thursday, August 09, 2012 1:02 PM
To: 389-users@lists.fedoraproject.org
Subject: [389-users] Question about expired/expiring passwords
*

In our environment, we have users that authenticate to our LDAP server in a few ways:

* * * * 1) they log into the server directly using SSH via PuTTY;
* * * * 2) they log in to our server using FileZilla or WS_FTP using SFTP;
* * * * 3) they authenticate their account via the LDAP on a Windows server using pGina

In method 1, they are prompted to change their password if it is expired, or are given the warning about the password will expire in X days. *How do I have the user get a similar warning/message when connecting via methods 2 and 3? *We have a lot of users who get themselves flustered because they think they have the right password, but because they're never warned or given a message, they think its wrong, put in a few more passwords, and eventually lock their account out.

Any ideas?
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@faa.gov
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

08-10-2012 12:24 PM

Question about expired/expiring passwords
 
Yeah, I figured as much, but thought
I'd ask. *I have a script that runs nightly to notify users of impending
expirations, and it works well. *Unfortunately, they usually get ignored,
which is why I thought if the "you password is due to expire in X
days" hits them whereever and however they connect, that would help.



No big deal. *Thanks for the help!

Harry








From:
"Morris, Patrick" <patrick.morris@hp.com>



To:
"389-users@lists.fedoraproject.org"
<389-users@lists.fedoraproject.org>

Date:
08/09/2012 04:41 PM

Subject:
Re: [389-users] Question about expired/expiring
passwords

Sent by:
389-users-bounces@lists.fedoraproject.org








It’s up to the client to
support warnings about password expiration (that true in general, not just
where LDAP is involved). *I have no idea how, or even if, WS_FTP,
Filezilla or pGina support that, but I suspect they don’t.

*

In my environment I’ve written
scripts that will send emails when a password is close to expiration, since
the clients many of our users connect with will never do it.

*

From: 389-users-bounces@lists.fedoraproject.org
[mailto:389-users-bounces@lists.fedoraproject.org]
On Behalf Of harry.devine@faa.gov

Sent: Thursday, August 09, 2012 1:02 PM

To: 389-users@lists.fedoraproject.org

Subject: [389-users] Question about expired/expiring passwords

*



In our environment, we have users that authenticate to our LDAP server
in a few ways:



* * * *1) they log into the server directly using
SSH via PuTTY;

* * * *2) they log in to our server using FileZilla
or WS_FTP using SFTP;

* * * *3) they authenticate their account via the
LDAP on a Windows server using pGina




In method 1, they are prompted to change their password if it is expired,
or are given the warning about the password will expire in X days. *How
do I have the user get a similar warning/message when connecting via methods
2 and 3? *We have a lot of users who get themselves flustered because
they think they have the right password, but because they're never warned
or given a message, they think its wrong, put in a few more passwords,
and eventually lock their account out.




Any ideas?

Harry



Harry Devine

Common ARTS Software Development

AJM-245

(609)485-4218

Harry.Devine@faa.gov[attachment
"smime.p7s" deleted by Harry Devine/ACT/FAA] --

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Leo Pleiman 08-10-2012 12:30 PM

Question about expired/expiring passwords
 
I'm not familiar with #3 but for #2 you could add a check of the password age to the login process. The implement it universally but it in the etc login process.

On Aug 9, 2012 4:01 PM, <harry.devine@faa.gov> wrote:


In our environment, we have users that
authenticate to our LDAP server in a few ways:



* * * * 1)
they log into the server directly using SSH via PuTTY;

* * * * 2)
they log in to our server using FileZilla or WS_FTP using SFTP;

* * * * 3)
they authenticate their account via the LDAP on a Windows server using
pGina



In method 1, they are prompted to change
their password if it is expired, or are given the warning about the password
will expire in X days. *How do I have the user get a similar warning/message
when connecting via methods 2 and 3? *We have a lot of users who get
themselves flustered because they think they have the right password, but
because they're never warned or given a message, they think its wrong,
put in a few more passwords, and eventually lock their account out.



Any ideas?

Harry



Harry Devine

Common ARTS Software Development

AJM-245

(609)485-4218

Harry.Devine@faa.gov
--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 02:34 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.