Forcing password change

Anthony Plastino anthonyp at
Mon Jul 31 23:36:51 GMT 2000

Hi all,

I can't seem to search the archives (for a while) and have looked through
several months of posts in those archives I _can_ get access to and I
haven't seen a mention of forcing password changes.  Nor is there any sort
of reference in the manual or any other documentation I can get my hands on.

I have a client that needs to be able to force users to change their
password at regular intervals.  In a pure NT or Pure *nix environment this
is possible.  However, it seems to be impossible in their  current

'98 workstations, samba is quasi domain controller and WINS server, NIS used
in part of the network and a separate system (non NIS) for
SMTP/POP3/calendaring and a CVS server (zero NT !!  :)  ).

When users are added into the system they get assigned a password by a
sysadmin. There are four distinct login IDs per user (POP3, NIS, samba, CVS)
as well as the Windows password.  To date, there is no way to allow for
non-repudiation, and that is a serious problem from my point of view--at
least one other person in the client's company knows anyone's password and
can masquerade as that user.

Simply trusting that a user will change their password is not enough, they
won't unless they are forced to.

I believe that I have a mechanism (set of scripts + SSH) that will interact
with samba to synchronize all of the systems when a user makes the change
from her control panel(the reasons for not moving completely to NIS or LDAP
are numerous).

Can someone point me to a source for forcing these users to change their
passwords?  How about adding an "acceptable use" banner to the login screen?
Forcing "good" (also read strong) password construction?

I wish that there was a viable alternative to windows, and having these
particular tools at hand would be most beneficial.

Thanks in advance,

Tony Plastino
anthonyp at

A. R. Plastino III
Network and Systems Security Engineer

More information about the samba-technical mailing list