home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!paladin.american.edu!howland.reston.ans.net!zaphod.mps.ohio-state.edu!malgudi.oar.net!news.ysu.edu!yfnnews-gateway!do-not-reply-to-path
- From: wacker@ampere.Physik.Uni-Dortmund.DE (Klaus Wacker)
- Newsgroups: comp.unix.aix
- Subject: NIS and Password Expiration
- Message-ID: <9212301627.AA34904@ampere.Physik.Uni-Dortmund.DE>
- Date: 31 Dec 92 04:57:51 GMT
- Sender: wacker@ampere.Physik.Uni-Dortmund.DE
- Lines: 29
-
- Can somebody explain how one can set up a password expiration policy
- consistently in a NIS environment?
-
- We have a NIS server and 6 clients. I have set maxage = 13 under
- pw_restrictions in /etc/security/login.cfg on all 7 hosts. Suppose I
- want to login on client1 with my password expired. I give first my old
- password, then I choose a new one. client1 says: Password changed on
- server. So far, so good. Now I want to login on client2. I am again
- asked to change my password! When asked for the old password, I have
- to type the new one and when asked for the new password I can type the
- old one.
-
- Things get even worse when I set minage non-zero (when minage is zero,
- people can immediately change back to their old password, which
- defeats the purpose of having a password expiration policy). In this
- case I cannot login to client2 at all - client2 insists I change my
- password and the server refuses any changed password.
-
- The only liveable solution I found so far is to set maxage and minage
- only on the server, but then people aren't really forced to ever
- change their password. Does anybody have a better solution?
-
- --
-
- | / | | | | | wacker@Physik.Uni-Dortmund.DE
- | / | _ __ | | | _ _ | _ _ Klaus Wacker, Exp.Physik V
- |/\ | _\ | | (_ | | | _\ / |_) /_) | Uni Dortmund, Postfach 500500
- | \_|_(_|_|_|___) |_|_|_(_|_\__| \_/\___| D-4600 Dortmund 50
- +49 (231) 755 3587
-
