From: Green, Simon (SGreen@KRAFTEUROPE.COM)
Date: Mon Oct 28 2002 - 05:26:18 EST
Do you mean that when a user is forced to change their password there
is no audit record at all, or simply that you can't distinguish between
that and the user changing it voluntarily using passwd?
Simon Green
Senior Technical Analyst
UNIX and AS400 Services
Philip Morris ITSC-E
Tel: +44 1242 284318
Fax: +44 1242 284510
> -----Original Message-----
> From: Adam Hanel [mailto:hanela@BILLINGS.K12.MT.US]
> Sent: 25 October 2002 18:38
> To: aix-l@Princeton.EDU
> Subject: auditing
>
>
> Has anyone ever setup auditing to tell you when a user changes their
> password during the login process.
>
> For example: I don't want to know if the user executes
> "passwd" but I
> do want to know when the system tells them that they are required to
> change their password, and forces them to do so when they login.
>
> I have setup a class in the config file called passw(below)
> and assigned
> it to a user, you can see what I am asking for, but the
> /audit/stream.out doesn't register anything when a user is prompted to
> change their password at login.
>
>
> passw=USER_SU,PASSWORD_Change,S_PASSWD_WRITE,PASSWORD_Check,PA
> SSWORD_Fla
> gs,PASSWORD_Ckerr
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:17 EDT