Hi all, Let's say I activate password expiration for every account (including root) for every 90 days. I understand that cronjob for root will fail when the password expires.
The question is, if I setup a cronjob every 90 days to renew the root password like: echo diFficulT123 | passwd --stdin root will it work?
I mean at second 1 on the 90th day, which will run first? - The cronjob to renew the password - Or the password expiration, thus preventing the cronjob from running.
Pardon me if it's silly. I know it's bad to change password from script, but the root acc is not used at all and has been disabled from logon remotely. I just need it to keep various cronjob to keep running. Any other advise are welcome.
On 06/22/2011 11:46 PM, Fajar Priyanto wrote:
I mean at second 1 on the 90th day, which will run first?
- The cronjob to renew the password
- Or the password expiration, thus preventing the cronjob from running.
just setup the password renewing job to run one minute earlier
or
don't expire the root passwd
On Thursday 23 Jun 2011 07:46:01 Fajar Priyanto wrote:
I understand that cronjob for root will fail when the password expires.
AFAIK, account does not need to have a password at all for cron to work.
Apart from that if you're going to automatically reset root's password you may as well just avoid expiring it at all.
On Thu, Jun 23, 2011 at 3:44 PM, Michael Gliwinski Michael.Gliwinski@henderson-group.com wrote:
On Thursday 23 Jun 2011 07:46:01 Fajar Priyanto wrote:
I understand that cronjob for root will fail when the password expires.
AFAIK, account does not need to have a password at all for cron to work.
Apart from that if you're going to automatically reset root's password you may as well just avoid expiring it at all.
In /var/log/cron I see this when the password expires. And cronjob fail to run.
Jun 23 02:50:01 my-srv crond[4424]: CRON (root) ERROR: failed to open PAM security session: Success Jun 23 02:50:01 my-srv crond[4424]: CRON (root) ERROR: cannot set security context Jun 23 03:00:01 my-srv crond[4425]: Authentication token is no longer valid; new one required
On Thursday 23 Jun 2011 08:54:21 Fajar Priyanto wrote:
AFAIK, account does not need to have a password at all for cron to work.
Apart from that if you're going to automatically reset root's password you may as well just avoid expiring it at all.
In /var/log/cron I see this when the password expires. And cronjob fail to run.
Jun 23 02:50:01 my-srv crond[4424]: CRON (root) ERROR: failed to open PAM security session: Success Jun 23 02:50:01 my-srv crond[4424]: CRON (root) ERROR: cannot set security context Jun 23 03:00:01 my-srv crond[4425]: Authentication token is no longer valid; new one required
What does your /etc/pam.d/crond and /etc/pam.d/system-auth look like? Also, what version of CentOS is it?
Must admit, I'm not sure about the password expiring, but I just tested it on disabled accounts (both local and Kerberos/LDAP) and it works.
-
Fajar Priyanto -
KevinO -
Michael Gliwinski