I have a large group of Linux servers that I inherited from a previous administrator. Unfortunately there is no single sign-on configured so each server has its own local accounts with local authentication. Normally I use ssh keys and a handy shell script to change passwords on all these machines with the usermod -p command. We are able to update the password on one server and push the encrypted password out to all the others.
If, however, we turn on password aging with "chage -M 90 username" then try to update passwords with usermod, the aging info for the account is not updated even though the password has been changed. Apparently this must be done manually for each and every server with the passwd command. This is not practical.
In the long run we're going to try and get some kind of centralized authentication, but in the meantime does anyone have an idea for a workaround?
Thanks
Sean
On 01/28/2010 02:20 PM, Sean Carolan wrote: ...
> In the long run we're going to try and get some kind of centralized authentication, but in the meantime does anyone have an idea for a workaround?
If your script changes passwords via ssh and usermod, why not at the same time do a chage -d number username?
Mogens
> If your script changes passwords via ssh and usermod, why not at the same time do a chage -d number username?
Thank you, I may end up doing it this way at least until we can configure AD or LDAP authentication.
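
The workaround discussed in this thread (usermod -p followed by chage -d), sketched as an added example that is not part of the original posts. The function names, the host-list file and root login over ssh keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# chage -d takes days since 1970-01-01 (or YYYY-MM-DD).
days_since_epoch() { echo $(( $(date -u +%s) / 86400 )); }

# Conservative account names only, so nothing odd reaches the remote shell.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Must look like a crypt(3) hash ($id$salt$hash) and contain no quote characters.
valid_hash() {
    case "$1" in
        \$*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9./\$=,-]*) return 1 ;;
    esac
}

# Build the command run on each server: set the hash, then reset the
# "last changed" day so the 90-day clock from chage -M restarts.
# Note: the hash is visible in the remote process list while usermod runs.
remote_cmd() {
    user=$1; hash=$2; days=${3:-$(days_since_epoch)}
    valid_user "$user" && valid_hash "$hash" || return 1
    case "$days" in ''|*[!0-9]*) return 1 ;; esac
    printf "usermod -p '%s' %s && chage -d %s %s\n" "$hash" "$user" "$days" "$user"
}

# Usage: push_password USER HASH HOSTFILE   (HOSTFILE: one hostname per line)
push_password() {
    cmd=$(remote_cmd "$1" "$2") || { echo "invalid user or hash" >&2; return 1; }
    failed=0
    while read -r host; do
        [ -n "$host" ] || continue
        # -n keeps ssh from swallowing the rest of the host list on stdin
        ssh -n -o BatchMode=yes "root@$host" "$cmd" ||
            { echo "FAILED: $host" >&2; failed=$((failed + 1)); }
    done < "$3"
    [ "$failed" -eq 0 ]
}
```

Running `chage -l username` on a server afterwards shows whether the last-change date and expiry moved.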