]> pere.pagekite.me Git - homepage.git/blob - blog/Forcing_new_users_to_change_their_password_on_first_login.html
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Generated.
[homepage.git] / blog / Forcing_new_users_to_change_their_password_on_first_login.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
4 <head>
5 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
6 <title>Petter Reinholdtsen: Forcing new users to change their password on first login</title>
7 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
8 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
9
10
11 </head>
12 <body>
13 <div class="title">
14 <h1>
15 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
16
17 </h1>
18
19 </div>
20
21
22 <div class="entry">
23 <div class="title">Forcing new users to change their password on first login</div>
24 <div class="date"> 2nd May 2010</div>
25 <div class="body"><p>One interesting feature in Active Directory, is the ability to
26 create a new user with an expired password, and thus force the user to
27 change the password on the first login attempt.</p>
28
29 <p>I'm not quite sure how to do that with the LDAP setup in Debian
30 Edu, but did some initial testing with a local account. The account
31 and password aging information is available in /etc/shadow, but
32 unfortunately, it is not possible to specify an expiration time for
33 passwords, only a maximum age for passwords.</p>
34
35 <p>A freshly created account (using adduser test) will have these
36 settings in /etc/shadow:</p>
37
38 <blockquote><pre>
39 root@tjener:~# chage -l test
40 Last password change : May 02, 2010
41 Password expires : never
42 Password inactive : never
43 Account expires : never
44 Minimum number of days between password change : 0
45 Maximum number of days between password change : 99999
46 Number of days of warning before password expires : 7
47 root@tjener:~#
48 </pre></blockquote>
49
50 <p>The only way I could come up with to create a user with an expired
51 account, is to change the date of the last password change to the
52 lowest value possible (January 1th 1970), and the maximum password age
53 to the difference in days between that date and today. To make it
54 simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
55 avoid testing if 0 is a valid value).</p>
56
57 <p>After using these commands to set it up, it seem to work as
58 intended:</p>
59
60 <blockquote><pre>
61 root@tjener:~# chage -d 1 test; chage -M 10950 test
62 root@tjener:~# chage -l test
63 Last password change : Jan 02, 1970
64 Password expires : never
65 Password inactive : never
66 Account expires : never
67 Minimum number of days between password change : 0
68 Maximum number of days between password change : 10950
69 Number of days of warning before password expires : 7
70 root@tjener:~#
71 </pre></blockquote>
72
73 <p>So far I have tested this with ssh and console, and kdm (in
74 Squeeze) login, and all ask for a new password before login in the
75 user (with ssh, I was thrown out and had to log in again).</p>
76
77 <p>Perhaps we should set up something similar for Debian Edu, to make
78 sure only the user itself have the account password?</p>
79
80 <p>If you want to comment on or help out with implementing this for
81 Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
82
83 <p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
84 shadow(8) page in Debian/testing now state that setting the date of
85 last password change to zero (0) will force the password to be changed
86 on the first login. This was not mentioned in the manual in Lenny, so
87 I did not notice this in my initial testing. I have tested it on
88 Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
89 tested it on Lenny yet.</p>
90
91 <p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
92 equivalent command to expire a password is '<tt>passwd -e
93 username</tt>', which insert zero into the date of the last password
94 change.</p>
95 </div>
96
97 <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.</div>
98
99
100 </div>
101
102
103
104
105 <div id="sidebar">
106
107
108
109 <h2>Archive</h2>
110 <ul>
111
112 <li>2017
113 <ul>
114
115 <li><a href="http://people.skolelinux.org/pere/blog/archive/2017/01/">January (4)</a></li>
116
117 <li><a href="http://people.skolelinux.org/pere/blog/archive/2017/02/">February (3)</a></li>
118
119 <li><a href="http://people.skolelinux.org/pere/blog/archive/2017/03/">March (5)</a></li>
120
121 <li><a href="http://people.skolelinux.org/pere/blog/archive/2017/04/">April (2)</a></li>
122
123 <li><a href="http://people.skolelinux.org/pere/blog/archive/2017/06/">June (4)</a></li>
124
125 </ul></li>
126
127 <li>2016
128 <ul>
129
130 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (3)</a></li>
131
132 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/02/">February (2)</a></li>
133
134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/03/">March (3)</a></li>
135
136 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/04/">April (8)</a></li>
137
138 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/05/">May (8)</a></li>
139
140 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/06/">June (2)</a></li>
141
142 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/07/">July (2)</a></li>
143
144 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/08/">August (5)</a></li>
145
146 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
147
148 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
149
150 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (8)</a></li>
151
152 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/12/">December (5)</a></li>
153
154 </ul></li>
155
156 <li>2015
157 <ul>
158
159 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/01/">January (7)</a></li>
160
161 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/02/">February (6)</a></li>
162
163 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/03/">March (1)</a></li>
164
165 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/04/">April (4)</a></li>
166
167 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/05/">May (3)</a></li>
168
169 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/06/">June (4)</a></li>
170
171 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/07/">July (6)</a></li>
172
173 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/08/">August (2)</a></li>
174
175 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/09/">September (2)</a></li>
176
177 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/10/">October (9)</a></li>
178
179 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/11/">November (6)</a></li>
180
181 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/12/">December (3)</a></li>
182
183 </ul></li>
184
185 <li>2014
186 <ul>
187
188 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/01/">January (2)</a></li>
189
190 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/02/">February (3)</a></li>
191
192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>
193
194 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>
195
196 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>
197
198 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>
199
200 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>
201
202 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>
203
204 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>
205
206 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>
207
208 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>
209
210 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>
211
212 </ul></li>
213
214 <li>2013
215 <ul>
216
217 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>
218
219 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>
220
221 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>
222
223 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>
224
225 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>
226
227 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>
228
229 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>
230
231 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>
232
233 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (5)</a></li>
234
235 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/10/">October (7)</a></li>
236
237 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/11/">November (9)</a></li>
238
239 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/12/">December (3)</a></li>
240
241 </ul></li>
242
243 <li>2012
244 <ul>
245
246 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
247
248 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
249
250 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
251
252 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
253
254 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
255
256 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
257
258 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
259
260 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>
261
262 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>
263
264 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>
265
266 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>
267
268 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>
269
270 </ul></li>
271
272 <li>2011
273 <ul>
274
275 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
276
277 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
278
279 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
280
281 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
282
283 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
284
285 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
286
287 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
288
289 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
290
291 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
292
293 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
294
295 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
296
297 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
298
299 </ul></li>
300
301 <li>2010
302 <ul>
303
304 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
305
306 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
307
308 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
309
310 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
311
312 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
313
314 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
315
316 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
317
318 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
319
320 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
321
322 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
323
324 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
325
326 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
327
328 </ul></li>
329
330 <li>2009
331 <ul>
332
333 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
334
335 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
336
337 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
338
339 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
340
341 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
342
343 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
344
345 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
346
347 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
348
349 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
350
351 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
352
353 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
354
355 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
356
357 </ul></li>
358
359 <li>2008
360 <ul>
361
362 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
363
364 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
365
366 </ul></li>
367
368 </ul>
369
370
371
372 <h2>Tags</h2>
373 <ul>
374
375 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
376
377 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
378
379 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
380
381 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
382
383 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (9)</a></li>
384
385 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (16)</a></li>
386
387 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
388
389 <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
390
391 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (149)</a></li>
392
393 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (158)</a></li>
394
395 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian-handbook">debian-handbook (3)</a></li>
396
397 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
398
399 <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (16)</a></li>
400
401 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (24)</a></li>
402
403 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
404
405 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (349)</a></li>
406
407 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
408
409 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
410
411 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (30)</a></li>
412
413 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
414
415 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (18)</a></li>
416
417 <li><a href="http://people.skolelinux.org/pere/blog/tags/h264">h264 (20)</a></li>
418
419 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
420
421 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (15)</a></li>
422
423 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (20)</a></li>
424
425 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
426
427 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>
428
429 <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>
430
431 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
432
433 <li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
434
435 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (39)</a></li>
436
437 <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (9)</a></li>
438
439 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (290)</a></li>
440
441 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (189)</a></li>
442
443 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (33)</a></li>
444
445 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
446
447 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (64)</a></li>
448
449 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (99)</a></li>
450
451 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
452
453 <li><a href="http://people.skolelinux.org/pere/blog/tags/reactos">reactos (1)</a></li>
454
455 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
456
457 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
458
459 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (10)</a></li>
460
461 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
462
463 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (5)</a></li>
464
465 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
466
467 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (52)</a></li>
468
469 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
470
471 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (5)</a></li>
472
473 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (55)</a></li>
474
475 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (6)</a></li>
476
477 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (11)</a></li>
478
479 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (48)</a></li>
480
481 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (3)</a></li>
482
483 <li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
484
485 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
486
487 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (59)</a></li>
488
489 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
490
491 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (40)</a></li>
492
493 </ul>
494
495
496 </div>
497 <p style="text-align: right">
498 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
499 </p>
500
501 </body>
502 </html>
Nettsider og blogg.