]> pere.pagekite.me Git - homepage.git/blob - blog/archive/2010/05/index.html
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update time stamp.
[homepage.git] / blog / archive / 2010 / 05 / index.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html>
4 <head>
5 <title>Petter Reinholdtsen: entries from May 2010</title>
6 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
7 <link rel="alternate" title="RSS Feed" href="05.rss" type="application/rss+xml">
8 </head>
9 <body>
10 <!-- XML FEED -->
11
12 <div class="title">
13 <h1>
14 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
15
16 </h1>
17
18 </div>
19
20 <p>Entries from May 2010.</p>
21
22
23 <div class="entry">
24 <div class="title">
25 <a href="http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html">Forcing new users to change their password on first login</a>
26 </div>
27 <div class="date">
28 2010-05-02 13:47
29 </div>
30
31 <div class="body">
32
33 <p>One interesting feature in Active Directory, is the ability to
34 create a new user with an expired password, and thus force the user to
35 change the password on the first login attempt.</p>
36
37 <p>I'm not quite sure how to do that with the LDAP setup in Debian
38 Edu, but did some initial testing with a local account. The account
39 and password aging information is available in /etc/shadow, but
40 unfortunately, it is not possible to specify an expiration time for
41 passwords, only a maximum age for passwords.</p>
42
43 <p>A freshly created account (using adduser test) will have these
44 settings in /etc/shadow:</p>
45
46 <blockquote><pre>
47 root@tjener:~# chage -l test
48 Last password change : May 02, 2010
49 Password expires : never
50 Password inactive : never
51 Account expires : never
52 Minimum number of days between password change : 0
53 Maximum number of days between password change : 99999
54 Number of days of warning before password expires : 7
55 root@tjener:~#
56 </pre></blockquote>
57
58 <p>The only way I could come up with to create a user with an expired
59 account, is to change the date of the last password change to the
60 lowest value possible (January 1th 1970), and the maximum password age
61 to the difference in days between that date and today. To make it
62 simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
63 avoid testing if 0 is a valid value).</p>
64
65 <p>After using these commands to set it up, it seem to work as
66 intended:</p>
67
68 <blockquote><pre>
69 root@tjener:~# chage -d 1 test; chage -M 10950 test
70 root@tjener:~# chage -l test
71 Last password change : Jan 02, 1970
72 Password expires : never
73 Password inactive : never
74 Account expires : never
75 Minimum number of days between password change : 0
76 Maximum number of days between password change : 10950
77 Number of days of warning before password expires : 7
78 root@tjener:~#
79 </pre></blockquote>
80
81 <p>So far I have tested this with ssh and console, and kdm (in
82 Squeeze) login, and all ask for a new password before login in the
83 user (with ssh, I was thrown out and had to log in again).</p>
84
85 <p>Perhaps we should set up something similar for Debian Edu, to make
86 sure only the user itself have the account password?</p>
87
88 <p>If you want to comment on or help out with implementing this for
89 Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
90
91 <p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
92 shadow(8) page in Debian/testing now state that setting the date of
93 last password change to zero (0) will force the password to be changed
94 on the first login. This was not mentioned in the manual in Lenny, so
95 I did not notice this in my initial testing. I have tested it on
96 Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
97 tested it on Lenny yet.</p>
98
99 <p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
100 equivalent command to expire a password is '<tt>passwd -e
101 username</tt>', which insert zero into the date of the last password
102 change.</p>
103
104 </div>
105 <div class="tags">
106
107
108
109 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
110
111 </div>
112 </div>
113 <div class="padding"></div>
114
115 <div class="entry">
116 <div class="title">
117 <a href="http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html">Parallellizing the boot in Debian Squeeze - ready for wider testing</a>
118 </div>
119 <div class="date">
120 2010-05-06 23:25
121 </div>
122
123 <div class="body">
124
125 <p>These days, the init.d script dependencies in Squeeze are quite
126 complete, so complete that it is actually possible to run all the
127 init.d scripts in parallell based on these dependencies. If you want
128 to test your Squeeze system, make sure
129 <a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
130 based boot sequencing</a> is enabled, and add this line to
131 /etc/default/rcS:</p>
132
133 <blockquote><pre>
134 CONCURRENCY=makefile
135 </pre></blockquote>
136
137 <p>That is it. It will cause sysv-rc to use the startpar tool to run
138 scripts in parallel using the dependency information stored in
139 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
140 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
141 to try to start the kdm and gdm scripts as early as possible, and will
142 start the facilities required by kdm or gdm as early as possible to
143 make this happen.</p>
144
145 <p>Give it a try, and see if you like the result. If some services
146 fail to start properly, it is most likely because they have incomplete
147 init.d script dependencies in their startup script (or some of their
148 dependent scripts have incomplete dependencies). Report bugs and get
149 the package maintainers to fix it. :)</p>
150
151 <p>Running scripts in parallel could be the default in Debian when we
152 manage to get the init.d script dependencies complete and correct. I
153 expect we will get there in Squeeze+1, if we get manage to test and
154 fix the remaining issues.</p>
155
156 <p>If you report any problems with dependencies in init.d scripts to
157 the BTS, please usertag the report to get it to show up at
158 <a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
159 list of usertagged bugs related to this</a>.</p>
160
161 </div>
162 <div class="tags">
163
164
165
166 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
167
168 </div>
169 </div>
170 <div class="padding"></div>
171
172 <p style="text-align: right;"><a href="05.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS Feed" width="36" height="14"></a></p>
173
174
175
176 <div id="sidebar">
177
178 <h2>Archive</h2>
179 <ul>
180
181 <li>2010
182 <ul>
183
184 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
185
186 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
187
188 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
189
190 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
191
192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (2)</a></li>
193
194 </ul></li>
195
196 <li>2009
197 <ul>
198
199 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
200
201 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
202
203 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
204
205 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
206
207 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
208
209 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
210
211 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
212
213 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
214
215 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
216
217 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
218
219 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
220
221 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
222
223 </ul></li>
224
225 <li>2008
226 <ul>
227
228 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
229
230 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
231
232 </ul></li>
233
234 </ul>
235
236
237
238 <h2>Tags</h2>
239 <ul>
240
241 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
242
243 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
244
245 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
246
247 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (15)</a></li>
248
249 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (15)</a></li>
250
251 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (25)</a></li>
252
253 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
254
255 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (6)</a></li>
256
257 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (2)</a></li>
258
259 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
260
261 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
262
263 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
264
265 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (64)</a></li>
266
267 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (71)</a></li>
268
269 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (12)</a></li>
270
271 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (11)</a></li>
272
273 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
274
275 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
276
277 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (7)</a></li>
278
279 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (11)</a></li>
280
281 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
282
283 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
284
285 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
286
287 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (6)</a></li>
288
289 </ul>
290
291 </div>
292 </body>
293 </html>
Nettsider og blogg.