Generated.

[homepage.git] / blog / index.html

diff --git a/blog/index.html b/blog/index.html
index 86507416b670349d04faae5d3cee03d0f08b79a2..23c7c141636b715a18e37b84e04dec1687522edf 100644 (file)
--- a/blog/index.html
+++ b/blog/index.html
@@ -19,6 +19,78 @@
 
 
  
+ <div class="entry">
+  <div class="title"><a href="Forcing_new_users_to_change_their_password_on_first_login.html">Forcing new users to change their password on first login</a></div>
+  <div class="date">2010-05-02 13:40</div>
+  <div class="body">
+<p>One interesting feature in Active Directory, is the ability to
+create a new user with an expired password, and thus force the user to
+change the password on the first login attempt.</p>
+
+<p>I'm not quite sure how to do that with the LDAP setup in Debian
+Edu, but did some initial testing with a local account.  The account
+and password aging information is available in /etc/shadow, but
+unfortunately, it is not possible to specify an expiration time for
+passwords, only a maximum age for passwords.</p>
+
+<p>A freshly created account (using adduser test) will have these
+settings in /etc/shadow:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -l test
+Last password change                                    : May 02, 2010
+Password expires                                        : never
+Password inactive                                       : never
+Account expires                                         : never
+Minimum number of days between password change          : 0
+Maximum number of days between password change          : 99999
+Number of days of warning before password expires       : 7
+root@tjener:~#
+</pre></blockquote>
+
+<p>The only way I could come up with to create a user with an expired
+account, is to change the date of the last password change to the
+lowest value possible (January 1th 1970), and the maximum password age
+to the difference in days between that date and today.  To make it
+simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
+avoid testing if 0 is a valid value).</p>
+
+<p>After using these commands to set it up, it seem to work as
+intended:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -d 1 test; chage -M 10950 test
+root@tjener:~# chage -l test
+Last password change                                    : Jan 02, 1970
+Password expires                                        : never
+Password inactive                                       : never
+Account expires                                         : never
+Minimum number of days between password change          : 0
+Maximum number of days between password change          : 10950
+Number of days of warning before password expires       : 7
+root@tjener:~#  
+</pre></blockquote>
+
+<p>So far I have tested this with ssh and console, and kdm (in
+Squeeze) login, and all ask for a new password before login in the
+user (with ssh, I was thrown out and had to log in again).</p>
+
+<p>Perhaps we should set up something similar for Debian Edu, to make
+sure only the user itself have the account password?</p>
+
+<p>If you want to comment on or help out with implementing this for
+Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+</div>
+  <div class="tags">
+   
+
+   
+   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
+  
+  </div>
+ </div>
+ <div class="padding"></div>
+ 
  <div class="entry">
   <div class="title"><a href="Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a></div>
   <div class="date">2010-04-28 20:40</div>
@@ -401,32 +473,6 @@ everything is taken care of.</p>
  </div>
  <div class="padding"></div>
  
- <div class="entry">
-  <div class="title"><a href="Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">Sikkerhet, teater, og hvordan gjøre verden sikrere</a></div>
-  <div class="date">2009-12-30 16:35</div>
-  <div class="body">
-<p>Via Slashdot fant jeg en
-<a href="http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html">nydelig
-kommentar fra Bruce Schneier</a> som ble publisert hos CNN i går.  Den
-forklarer forbilledlig hvorfor sikkerhetsteater og innføring av
-totalitære politistatmetoder ikke er løsningen for å gjøre verden
-sikrere.  Anbefales på det varmeste.</p>
-
-<p>Oppdatering: Kom over
-<a href="http://gizmodo.com/5435675/president-obama-its-time-to-fire-the-tsa">nok
-en kommentar</a> om den manglende effekten av dagens sikkerhetsteater
-på flyplassene.</p>
-</div>
-  <div class="tags">
-   
-
-   
-   Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/personvern">personvern</a>, <a href="tags/sikkerhet">sikkerhet</a>. 
-  
-  </div>
- </div>
- <div class="padding"></div>
- 
  <p style="text-align: right;"><a href="index.rss"><img src="xml.gif" alt="RSS feed" width="36" height="14"></a></p>
 
 <div id="sidebar">
@@ -449,6 +495,8 @@ på flyplassene.</p>
 
 <li><a href="archive/2010/04/">April (3)</a></li>
 
+<li><a href="archive/2010/05/">May (1)</a></li>
+
 </ul></li>
 
 <li>2009
@@ -504,9 +552,9 @@ på flyplassene.</p>
 
  <li><a href="tags/debian">debian (14)</a></li>
 
- <li><a href="tags/debian edu">debian edu (14)</a></li>
+ <li><a href="tags/debian edu">debian edu (15)</a></li>
 
- <li><a href="tags/english">english (23)</a></li>
+ <li><a href="tags/english">english (24)</a></li>
 
  <li><a href="tags/fiksgatami">fiksgatami (1)</a></li>
 
@@ -522,7 +570,7 @@ på flyplassene.</p>
 
  <li><a href="tags/norsk">norsk (64)</a></li>
 
- <li><a href="tags/nuug">nuug (70)</a></li>
+ <li><a href="tags/nuug">nuug (71)</a></li>
 
  <li><a href="tags/opphavsrett">opphavsrett (12)</a></li>