Re: Forcing passwords when creating users.

From: Green, Simon (SGreen@KRAFTEUROPE.COM)
Date: Fri Oct 25 2002 - 12:31:43 EDT


I don't think pwdadm recognises "ALL", but it would be very simple to
script. However, whether you should do it or not is another matter!

The problem is that with everybody being forced to change password at
the same time your helpdesk is likely to get a lot of calls from users
who have forgotten their password over the next couple of days.

If you have a lot of users, there's some potential performance impact
when they all come in to work in the morning and start changing
passwords, although I doubt that would be a problem.

I think a better approach would be to set a combined maxage and
maxexpired less than 90. That way, anyone who hasn't logged on to
change their password for three months will automatically be locked
out within the auditors' 90 day period.

If you have users who really use the system that infrequently they
will suffer some inconvenience, but somebody is going to suffer in
order to keep the auditors happy.

If you do decide to go ahead with this, might I suggest that you force
the change on a Sunday, so that they change password on a Monday
morning. This gives them the whole week to remember their new
password. Changing it on a Friday will give you a significant
increase in the number of forgotten passwords come Monday morning.

Also take care not to mess with root and other admin users.

Simon Green
Philip Morris ITSC Europe

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will seldom be appreciated.

> -----Original Message-----
> From: Adam Hanel [mailto:hanela@BILLINGS.K12.MT.US]
> Sent: 25 October 2002 17:16
> To: aix-l@Princeton.EDU
> Subject: Re: Forcing passwords when creating users.
>
>
> Do you know if this would be possible by executing:
>
> pwdadm ADMCHG ALL
>
> to make it so all users on a system would have to change their
> passwords at one time?
>
>
> For example, our 100 or so users wouldn't all change their passwords
> at once because they log in maybe once or twice a week at various times.
> However our auditors require us to change passwords every 90 days.
>
> It would be easier for us to be able to force a password change at the
> beginning of each quarter, that way our users would remember that they
> would have to change their password before gaining access.
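
Added example, not part of the original messages and not IBM's or either poster's code: a dry-run sketch of the two options discussed in this thread, flagging every non-admin account with ADMCHG and checking that maxage plus maxexpired (both in weeks on AIX) stays under the 90-day limit. The account names and the values maxage=8 and maxexpired=4 are assumptions; the sample input is constructed in the format of `lsuser -a admin ALL`.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: prints commands, changes nothing.

# Constructed sample in the format of `lsuser -a admin ALL` (name admin=true|false).
SAMPLE_USERS='root admin=true
daemon admin=true
sysadm1 admin=true
asmith admin=false
bjones admin=false'

# Read lsuser-style lines on stdin; print only ordinary (non-admin) account names.
select_targets() {
    while read -r name attr; do
        if [ -n "$name" ] && [ "$name" != "root" ] && [ "$attr" = "admin=false" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Print one "pwdadm -f ADMCHG <user>" line per target.
# The ADMCHG flag makes the user change password at next login.
plan_forced_change() {
    select_targets | while read -r user; do
        printf 'pwdadm -f ADMCHG %s\n' "$user"
    done
}

# maxage and maxexpired are in weeks; print the worst-case days until lockout.
lockout_days() {
    echo $(( ($1 + $2) * 7 ))
}

# Succeed only if maxage + maxexpired (weeks) stays under the day limit ($3).
policy_ok() {
    [ "$(lockout_days "$1" "$2")" -lt "$3" ]
}

# Option 1 from the thread: flag every ordinary user (review the list first).
printf '%s\n' "$SAMPLE_USERS" | plan_forced_change

# Option 2 from the thread: ageing policy, checked against the auditors' 90 days.
MAXAGE=8 MAXEXPIRED=4        # assumed values: 8 + 4 weeks = 84 days
if policy_ok "$MAXAGE" "$MAXEXPIRED" 90; then
    echo "chsec -f /etc/security/user -s default -a maxage=$MAXAGE -a maxexpired=$MAXEXPIRED"
fi
```

On a real system the input would come from `lsuser -a admin ALL` instead of the sample, and the chsec line changes the default stanza only, so users with their own maxage or maxexpired entries keep those values.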


