Forcing Password Change
Anthony Plastino
anthonyp at esociety.com
Tue Aug 1 15:45:05 GMT 2000
Hi all,
I can't seem to search the archives (for a while) and have looked through
several months of posts in those archives I _can_ get access to and I
haven't seen a mention of forcing password changes. Nor is there any sort
of reference in the manual or any other documentation I can get my hands on.
I have a client that needs to be able to force users to change their
password at regular intervals. In a pure NT or Pure *nix environment this
is possible. However, it seems to be impossible in their current
situation:
'98 workstations, samba is quasi domain controller and WINS server, NIS used
in part of the network and a separate system (non NIS) for
SMTP/POP3/calendaring and a CVS server (zero NT !! :) ).
When users are added into the system they get assigned a password by a
sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS)
as well as the Windows password. To date, there is no way to allow for
non-repudiation, and that is a serious problem from my point of view--at
least one other person in the client's company knows anyone's password and
can masquerade as that user.
Simply trusting that a user will change their password is not enough, they
won't unless they are forced to.
I believe that I have a mechanism (set of scripts + SSH) that will interact
with samba to synchronize all of the systems when a user makes the change
from her control panel ( the reasons for not moving completely to NIS or
LDAP
are numerous).
Can someone point me to a source for forcing these users to change their
passwords? How about adding an "acceptable use" banner to the login screen?
Forcing "good" (also read strong) password construction?
I wish that there was a viable alternative to windows, and having these
particular tools at hand would be most beneficial.
Thanks in advance,
Tony Plastino
anthonyp at esociety.com
=====================================
A. R. Plastino III
Network and Systems Security Engineer
eSociety
http://www.eSociety.com
More information about the samba-ntdom
mailing list