Topic: expiring password

[marcus75]

I have a new question for you.

I  would like to have the accounts password on the SME SERVER  expiring after  a pre-defined number of months (2 or 6 months).
 
Once expired, the user should be prompted to change his/her own password.

Can you help me, please?

[cactus]

I have a new question for you.

I  would like to have the accounts password on the SME SERVER  expiring after  a pre-defined number of months (2 or 6 months).
 
Once expired, the user should be prompted to change his/her own password.

Can you help me, please?

Use the 'chage' command, for help enter 'man chage'  on the command line of your server.

[marcus75]

Use the 'chage' command, for help enter 'man chage'  on the command line of your server.

Good solution but so I have to do one by one, can I set a group?

[cactus]

I have a new question for you.

I  would like to have the accounts password on the SME SERVER  expiring after  a pre-defined number of months (2 or 6 months).
 
Once expired, the user should be prompted to change his/her own password.

Can you help me, please?

Use the 'chage' command, for help enter 'man chage'  on the command line of your server.

To have it automatically done, for every time you create or modify a user:

• pico /etc/e-smith/events/actions/user-account-expiry
• Copy the following code there:
  Code: [Select]
  use strict;[/li][/list]
use esmith::ConfigDB;

shift @ARGV;
my $userName = shift @ARGV or die "Must supply username";

my $config = esmith::ConfigDB->open_ro();

my $record = $config->get('chage');

if (defined $record and $record->prop('enabled')  eq "true") {

    my $min  = $record->prop('min');
    my $max  = $record->prop('max');
    print "MAX: $max";
    my $warn = $record->prop('warn');

    my $cmd = '';

    if (defined $min) {
        $cmd .= " -m $min";
    }

    if (defined $max) {
        $cmd .= " -M $max";
    }

    if (defined $warn) {
        $cmd .= " -W $warn";
    }

    if (defined $cmd and $cmd ne '') {
        system("/usr/bin/chage $cmd $userName");
    }
}

exit 0;
• Press Ctrl-X, Y and enter to save.
• Now create symbolic links to add the action script to the user-create and user-modify event
  Code: [Select]
  ln -s /etc/e-smith/events/actions/user-account-expiry /etc/e-smith/events/user-create/S90user-account-expiry[/li][/list]
ln -s /etc/e-smith/events/actions/user-account-expiry /etc/e-smith/events/user-modify/S90user-account-expiry
• Create the database entry to hold the configuration values:
  Code: [Select]
  db configuration set chage service enabled true min 0 max 60 warn 7 (sets the minimum date to change the password to 0, so users can always change their passwords, set the maximum number of days to 60 before users will have to change theire passwords and warn them 7 days in advance). Every user that will be created or modified will have a password that will expire after 60 days, all exisiting users are not modified and need to be done by hand or need to change their passwords to have the expiry setting activated.

[cactus]

Good solution but so I have to do one by one, can I set a group?

I don't know of such an option... unfortunately. I will file a feature request for the expiry option in SMEServer.

Edit: Here is the NFR: http://bugs.contribs.org/show_bug.cgi?id=1176

[Matt]

hi

I have followed the how to on this thread as cactus sets out, but I now want to check it works.  

I already had some users setup before i did this, so will they not know when their passwords expire?

could somebody tell me how to check, what happens when the password expires?  

Will the user ne contacted automatically? and do they have to change their password before the old one expires, otherwise how will they logon to windows?  

Sorry for so many questions, but I am not the most experienced user.  

any help would be great.  Thanks