FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 07-14-2008, 05:48 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

Hi,

I am writing this because I need to know how to force a password to be changed
at next login via a useradd script.

I originally wrote my script on an openSUSE box, which had the passwd -e
argument, however RHEL4 (haven't checked RHEL5) does not have this argument
avaliable.

In the script I have also tried:

passwd -f $ACCT (the acct variable is obviously the account name), but that
makes me change the default created password at that time and not when the
user logs in the next time

another method I tried was:
chage -d 0 $ACCT (again this method let me su $ACCT) without having to change
the password at all.. (this is not the behavior I want).

So.. Is there a method I can use that allows what I want? Here is the user add
portion of my script:

useradd *-u $UUID -g $GID -c "$COMNT" -d $HDIR -s $USHELL $ACCT -p $pass &&
passwd -e $ACCT

The above works in SuSE but not in RHEL due to the lack of -e argument for
useradd.

All and any help is very greatful. Thank you

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 08:00 PM
"Marcos Aurelio Rodrigues"
 
Default Forcing users to change password at login - Probably "Again"

Try:

#chage -d 01/01/1970 user


Marcos

On Mon, Jul 14, 2008 at 2:48 PM, Ben Kevan <ben.kevan@gmail.com> wrote:

> Hi,
>
> I am writing this because I need to know how to force a password to be
> changed
> at next login via a useradd script.
>
> I originally wrote my script on an openSUSE box, which had the passwd -e
> argument, however RHEL4 (haven't checked RHEL5) does not have this argument
> avaliable.
>
> In the script I have also tried:
>
> passwd -f $ACCT (the acct variable is obviously the account name), but that
> makes me change the default created password at that time and not when the
> user logs in the next time
>
> another method I tried was:
> chage -d 0 $ACCT (again this method let me su $ACCT) without having to
> change
> the password at all.. (this is not the behavior I want).
>
> So.. Is there a method I can use that allows what I want? Here is the user
> add
> portion of my script:
>
> useradd -u $UUID -g $GID -c "$COMNT" -d $HDIR -s $USHELL $ACCT -p $pass &&
> passwd -e $ACCT
>
> The above works in SuSE but not in RHEL due to the lack of -e argument for
> useradd.
>
> All and any help is very greatful. Thank you
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
========================================
Marcos Aurelio Rodrigues
<deigratia33@gmail.com>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 08:20 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

On Monday 14 July 2008 01:00:59 pm Marcos Aurelio Rodrigues wrote:
> Try:
>
> #chage -d 01/01/1970 user
>
>
> Marcos
> --
> ========================================
> Marcos Aurelio Rodrigues
> <deigratia33@gmail.com>
> CCNA, MCSO, Security+
> Mirabilia laudo semprer, Dei
> ========================================

Marcos,

Unfortunately that did not work in my case.. When I created the user, i was
able to su user and log in with assigned password, and was not prompted to
change.

Again, this is not the behavior that -e has..

Does anyone know exactly what the -e argument does?

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 09:24 PM
"Hari N"
 
Default Forcing users to change password at login - Probably "Again"

Ben,

After the line in your script where you create a new user, you could try
adding a line that will change the third field in /etc/shadow for that new
user and make that value zero. Basically passwd -f command does the same. If
this value is set to zero, it should prompt the user to change his password
when he logs in next time.

Regards,
Hari

On Mon, Jul 14, 2008 at 4:20 PM, Ben Kevan <ben.kevan@gmail.com> wrote:

> On Monday 14 July 2008 01:00:59 pm Marcos Aurelio Rodrigues wrote:
> > Try:
> >
> > #chage -d 01/01/1970 user
> >
> >
> > Marcos
> > --
> > ========================================
> > Marcos Aurelio Rodrigues
> > <deigratia33@gmail.com>
> > CCNA, MCSO, Security+
> > Mirabilia laudo semprer, Dei
> > ========================================
>
> Marcos,
>
> Unfortunately that did not work in my case.. When I created the user, i was
> able to su user and log in with assigned password, and was not prompted to
> change.
>
> Again, this is not the behavior that -e has..
>
> Does anyone know exactly what the -e argument does?
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 09:33 PM
"Hari N"
 
Default Forcing users to change password at login - Probably "Again"

On Mon, Jul 14, 2008 at 5:24 PM, Hari N <hari2n@gmail.com> wrote:

> Ben,
>
> After the line in your script where you create a new user, you could try
> adding a line that will change the third field in /etc/shadow for that new
> user and make that value zero. Basically passwd -f command does the same. If
> this value is set to zero, it should prompt the user to change his password
> when he logs in next time.
>
> Regards,
> Hari



I meant to send an example as well:

cat /etc/shadow | grep username
usernamevXk64RTyiOeR:*10360*

change it to: usernamevXk64RTyiOeR:*0
*
See if this helps.

Regards,
Hari*
*
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 10:01 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

On Monday 14 July 2008 02:24:18 pm Hari N wrote:
> Ben,
>
> After the line in your script where you create a new user, you could try
> adding a line that will change the third field in /etc/shadow for that new
> user and make that value zero. Basically passwd -f command does the same.
> If this value is set to zero, it should prompt the user to change his
> password when he logs in next time.
>
> Regards,
> Hari
>

Hi Hari,

Wanted a nice easy solution that didn't need the modification of /etc/shadow
via a script (but doesn't seem like that is a choice)... I used what seems to
be the only solution (changing modifying /etc/shadow).. Here it is if anyone
cares to use:

egrep -v "^$ACCT:" < /etc/shadow > /tmp/shadow.tmp
egrep "^$ACCT:" /etc/shadow |
awk -F: '{print $1 ":" $2 ":0:" $4 ":" $5 ":"
$6 ":" $7 ":" $8 ":" $9}' >> /tmp/shadow.tmp
mv /tmp/shadow.tmp /etc/shadow

I may create a script to call, to lock and unlock the shadow file while it's
being modified by the script.. Damn I wish -e would be implemented into
RHEL..

Does anyone know why it wasn't?

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 10:37 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

On Monday 14 July 2008 02:33:55 pm Hari N wrote:
> On Mon, Jul 14, 2008 at 5:24 PM, Hari N <hari2n@gmail.com> wrote:
> > Ben,
> >
> > After the line in your script where you create a new user, you could try
> > adding a line that will change the third field in /etc/shadow for that
> > new user and make that value zero. Basically passwd -f command does the
> > same. If this value is set to zero, it should prompt the user to change
> > his password when he logs in next time.
> >
> > Regards,
> > Hari
>
> I meant to send an example as well:
>
> cat /etc/shadow | grep username
> usernamevXk64RTyiOeR:*10360*
>
> change it to: usernamevXk64RTyiOeR:*0
> *
> See if this helps.
>
> Regards,
> Hari*
> *

I may have spoken too soon.

Even with shadow's 3rd option in RHEL4 being 0 it still allows me to su tuser
without changing the password:

tuseraY93y97Lh8sA:0:0:99999:7:::

Again this works fine on a SUSE box (which I did my initial testing) ..

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 10:52 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

On Monday 14 July 2008 02:33:55 pm Hari N wrote:
> On Mon, Jul 14, 2008 at 5:24 PM, Hari N <hari2n@gmail.com> wrote:
> > Ben,
> >
> > After the line in your script where you create a new user, you could try
> > adding a line that will change the third field in /etc/shadow for that
> > new user and make that value zero. Basically passwd -f command does the
> > same. If this value is set to zero, it should prompt the user to change
> > his password when he logs in next time.
> >
> > Regards,
> > Hari
>
> I meant to send an example as well:
>
> cat /etc/shadow | grep username
> usernamevXk64RTyiOeR:*10360*
>
> change it to: usernamevXk64RTyiOeR:*0
> *
> See if this helps.
>
> Regards,
> Hari*
> *

Again let me recorrect myself.

It does work, just not with the su username command.. But they are required to
change their password if they log into the box via SSH (I have not yet
checked a X session (which shouldn't be needed, but we do provide TWM for
some developers who request it) ..

Thanks for the help

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 11:02 PM
Ben Kevan
 
Default Forcing users to change password at login - Probably "Again"

On Monday 14 July 2008 02:33:55 pm Hari N wrote:
> On Mon, Jul 14, 2008 at 5:24 PM, Hari N <hari2n@gmail.com> wrote:
> > Ben,
> >
> > After the line in your script where you create a new user, you could try
> > adding a line that will change the third field in /etc/shadow for that
> > new user and make that value zero. Basically passwd -f command does the
> > same. If this value is set to zero, it should prompt the user to change
> > his password when he logs in next time.
> >
> > Regards,
> > Hari
>
> I meant to send an example as well:
>
> cat /etc/shadow | grep username
> usernamevXk64RTyiOeR:*10360*
>
> change it to: usernamevXk64RTyiOeR:*0
> *
> See if this helps.
>
> Regards,
> Hari*
> *

And just to make me feel bad..

chage -d 0 does what my script does.. but for some reason when you su username
in RHEL 4 it does not look for the expiration in /etc/shadow (pretty lame) ..

Oh well.. thanks for all the help

Ben

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 11:43 PM
mark
 
Default Forcing users to change password at login - Probably "Again"

Ben Kevan wrote:
>
> I am writing this because I need to know how to force a password to be changed
> at next login via a useradd script.
>
> I originally wrote my script on an openSUSE box, which had the passwd -e
> argument, however RHEL4 (haven't checked RHEL5) does not have this argument
> avaliable.
>
> In the script I have also tried:
>
> passwd -f $ACCT (the acct variable is obviously the account name), but that
> makes me change the default created password at that time and not when the
> user logs in the next time
<snip>
The man page on passwd says
-e The user will be forced to change the password at next login.

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 02:43 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org