Dear all,
I have a NIS server which shares a database of users between some computers (nodes exactly) and I would like that, on the first login, the user changes its password.
So, on the NIS server I have made: chage -d 0 USER Then: # cd /var/yp # make
On the NIS server I have: chage -l USER Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
I would believe this information is shared from the server to the other computers but here users still can connect (via SSH). If I try to get the information on the user connected I have: # chage -l USER user 'USER' does not exist in /etc/passwd
This looks normal as there is no user there but then I do not know how to enable the expiration information through NIS. Do someone has an idea?
Thanks, Fabien
On Thu, Jun 28, 2012 at 7:23 AM, Fabien Archambault < fabien.archambault@univ-amu.fr> wrote:
Dear all,
I have a NIS server which shares a database of users between some computers (nodes exactly) and I would like that, on the first login, the user changes its password.
So, on the NIS server I have made: chage -d 0 USER Then: # cd /var/yp # make
On the NIS server I have: chage -l USER Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
I would believe this information is shared from the server to the other computers but here users still can connect (via SSH). If I try to get the information on the user connected I have: # chage -l USER user 'USER' does not exist in /etc/passwd
This looks normal as there is no user there but then I do not know how to enable the expiration information through NIS. Do someone has an idea?
You can't. NIS on linux does not support password aging.
Thanks, Fabien _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Jun 28, 2012, at 4:49 PM, Michael Coffman michael.coffman@avagotech.com wrote:
I would believe this information is shared from the server to the other computers but here users still can connect (via SSH). If I try to get the information on the user connected I have: # chage -l USER user 'USER' does not exist in /etc/passwd
This looks normal as there is no user there but then I do not know how to enable the expiration information through NIS. Do someone has an idea?
You can't. NIS on linux does not support password aging.
If your using NIS then I would use Kerberos for the users passwords to maintain security. If your using Kerberos then I believe password aging is handled on the Kerberos server.
-Ross
-
Fabien Archambault -
Michael Coffman -
Ross Walker