Ping a Specific Port

Question

Dom

Asked: 2011-04-05 00:48:51 +0800 CST2011-04-05 00:48:51 +0800 CST 2011-04-05 00:48:51 +0800 CST

PAM : Reject the standard password

772

I want to reject our standard password in pam for the services until the user change it. It is a fixed password, well known by our users, but I don't know how I can configure pam to refuse it. I check cracklib, but it works only on password change, not on auth. I can't use pam_succeed_if as it doesn't check the password.

Any idea how reject this password ?

2 Answers

Voted

Jonathan Ross · Answer 1 · 2011-04-05T01:00:31+08:00

Jonathan Ross

2011-04-05T01:00:31+08:002011-04-05T01:00:31+08:00

chage -d 0 username should do it. You might have to set a null initial password which probably isn't very secure but some trial and error testing should reveal if that's the case.

-edit-

In that case can you spawn a login script upon login using /etc/profile, /etc/bash.bashrc or similar to set that password first and then let them ageing policy force it to be changed ?

2

poige · Answer 2 · 2011-04-05T03:21:54+08:00

poige

2011-04-05T03:21:54+08:002011-04-05T03:21:54+08:00

Consider pam_exec

2

PAM : Reject the standard password

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?