]> pere.pagekite.me Git - homepage.git/blob - blog/Forcing_new_users_to_change_their_password_on_first_login.html
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Generated.
[homepage.git] / blog / Forcing_new_users_to_change_their_password_on_first_login.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
4 <head>
5 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
6 <title>Petter Reinholdtsen: Forcing new users to change their password on first login</title>
7 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
8 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
9
10
11 </head>
12 <body>
13 <div class="title">
14 <h1>
15 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
16
17 </h1>
18
19 </div>
20
21
22 <div class="entry">
23 <div class="title">Forcing new users to change their password on first login</div>
24 <div class="date"> 2nd May 2010</div>
25 <div class="body"><p>One interesting feature in Active Directory, is the ability to
26 create a new user with an expired password, and thus force the user to
27 change the password on the first login attempt.</p>
28
29 <p>I'm not quite sure how to do that with the LDAP setup in Debian
30 Edu, but did some initial testing with a local account. The account
31 and password aging information is available in /etc/shadow, but
32 unfortunately, it is not possible to specify an expiration time for
33 passwords, only a maximum age for passwords.</p>
34
35 <p>A freshly created account (using adduser test) will have these
36 settings in /etc/shadow:</p>
37
38 <blockquote><pre>
39 root@tjener:~# chage -l test
40 Last password change : May 02, 2010
41 Password expires : never
42 Password inactive : never
43 Account expires : never
44 Minimum number of days between password change : 0
45 Maximum number of days between password change : 99999
46 Number of days of warning before password expires : 7
47 root@tjener:~#
48 </pre></blockquote>
49
50 <p>The only way I could come up with to create a user with an expired
51 account, is to change the date of the last password change to the
52 lowest value possible (January 1th 1970), and the maximum password age
53 to the difference in days between that date and today. To make it
54 simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
55 avoid testing if 0 is a valid value).</p>
56
57 <p>After using these commands to set it up, it seem to work as
58 intended:</p>
59
60 <blockquote><pre>
61 root@tjener:~# chage -d 1 test; chage -M 10950 test
62 root@tjener:~# chage -l test
63 Last password change : Jan 02, 1970
64 Password expires : never
65 Password inactive : never
66 Account expires : never
67 Minimum number of days between password change : 0
68 Maximum number of days between password change : 10950
69 Number of days of warning before password expires : 7
70 root@tjener:~#
71 </pre></blockquote>
72
73 <p>So far I have tested this with ssh and console, and kdm (in
74 Squeeze) login, and all ask for a new password before login in the
75 user (with ssh, I was thrown out and had to log in again).</p>
76
77 <p>Perhaps we should set up something similar for Debian Edu, to make
78 sure only the user itself have the account password?</p>
79
80 <p>If you want to comment on or help out with implementing this for
81 Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
82
83 <p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
84 shadow(8) page in Debian/testing now state that setting the date of
85 last password change to zero (0) will force the password to be changed
86 on the first login. This was not mentioned in the manual in Lenny, so
87 I did not notice this in my initial testing. I have tested it on
88 Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
89 tested it on Lenny yet.</p>
90
91 <p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
92 equivalent command to expire a password is '<tt>passwd -e
93 username</tt>', which insert zero into the date of the last password
94 change.</p>
95 </div>
96
97 <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.</div>
98
99
100 </div>
101
102
103
104
105 <div id="sidebar">
106
107
108
109 <h2>Archive</h2>
110 <ul>
111
112 <li>2016
113 <ul>
114
115 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (3)</a></li>
116
117 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/02/">February (2)</a></li>
118
119 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/03/">March (1)</a></li>
120
121 </ul></li>
122
123 <li>2015
124 <ul>
125
126 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/01/">January (7)</a></li>
127
128 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/02/">February (6)</a></li>
129
130 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/03/">March (1)</a></li>
131
132 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/04/">April (4)</a></li>
133
134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/05/">May (3)</a></li>
135
136 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/06/">June (4)</a></li>
137
138 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/07/">July (6)</a></li>
139
140 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/08/">August (2)</a></li>
141
142 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/09/">September (2)</a></li>
143
144 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/10/">October (9)</a></li>
145
146 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/11/">November (6)</a></li>
147
148 <li><a href="http://people.skolelinux.org/pere/blog/archive/2015/12/">December (3)</a></li>
149
150 </ul></li>
151
152 <li>2014
153 <ul>
154
155 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/01/">January (2)</a></li>
156
157 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/02/">February (3)</a></li>
158
159 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>
160
161 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>
162
163 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>
164
165 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>
166
167 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>
168
169 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>
170
171 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>
172
173 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>
174
175 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>
176
177 <li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>
178
179 </ul></li>
180
181 <li>2013
182 <ul>
183
184 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>
185
186 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>
187
188 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>
189
190 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>
191
192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>
193
194 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>
195
196 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>
197
198 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>
199
200 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (5)</a></li>
201
202 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/10/">October (7)</a></li>
203
204 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/11/">November (9)</a></li>
205
206 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/12/">December (3)</a></li>
207
208 </ul></li>
209
210 <li>2012
211 <ul>
212
213 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
214
215 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
216
217 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
218
219 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
220
221 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
222
223 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
224
225 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
226
227 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>
228
229 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>
230
231 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>
232
233 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>
234
235 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>
236
237 </ul></li>
238
239 <li>2011
240 <ul>
241
242 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
243
244 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
245
246 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
247
248 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
249
250 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
251
252 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
253
254 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
255
256 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
257
258 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
259
260 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
261
262 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
263
264 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
265
266 </ul></li>
267
268 <li>2010
269 <ul>
270
271 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
272
273 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
274
275 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
276
277 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
278
279 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
280
281 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
282
283 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
284
285 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
286
287 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
288
289 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
290
291 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
292
293 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
294
295 </ul></li>
296
297 <li>2009
298 <ul>
299
300 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
301
302 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
303
304 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
305
306 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
307
308 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
309
310 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
311
312 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
313
314 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
315
316 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
317
318 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
319
320 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
321
322 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
323
324 </ul></li>
325
326 <li>2008
327 <ul>
328
329 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
330
331 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
332
333 </ul></li>
334
335 </ul>
336
337
338
339 <h2>Tags</h2>
340 <ul>
341
342 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
343
344 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
345
346 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
347
348 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
349
350 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (9)</a></li>
351
352 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (15)</a></li>
353
354 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
355
356 <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
357
358 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (121)</a></li>
359
360 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (154)</a></li>
361
362 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
363
364 <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (15)</a></li>
365
366 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (20)</a></li>
367
368 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
369
370 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (303)</a></li>
371
372 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
373
374 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
375
376 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (25)</a></li>
377
378 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
379
380 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (16)</a></li>
381
382 <li><a href="http://people.skolelinux.org/pere/blog/tags/h264">h264 (20)</a></li>
383
384 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
385
386 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (11)</a></li>
387
388 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (19)</a></li>
389
390 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
391
392 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>
393
394 <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>
395
396 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
397
398 <li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
399
400 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (37)</a></li>
401
402 <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (7)</a></li>
403
404 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (273)</a></li>
405
406 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (177)</a></li>
407
408 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (22)</a></li>
409
410 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
411
412 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (58)</a></li>
413
414 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (92)</a></li>
415
416 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
417
418 <li><a href="http://people.skolelinux.org/pere/blog/tags/reactos">reactos (1)</a></li>
419
420 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
421
422 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
423
424 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
425
426 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
427
428 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
429
430 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
431
432 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (45)</a></li>
433
434 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
435
436 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
437
438 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (48)</a></li>
439
440 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
441
442 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (10)</a></li>
443
444 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (36)</a></li>
445
446 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
447
448 <li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
449
450 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
451
452 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (55)</a></li>
453
454 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
455
456 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (38)</a></li>
457
458 </ul>
459
460
461 </div>
462 <p style="text-align: right">
463 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
464 </p>
465
466 </body>
467 </html>
Nettsider og blogg.