Notification of Password Expired for Root Equivalent ID - Security

This is a discussion on Notification of Password Expired for Root Equivalent ID - Security ; Hi, I have a Red Hat Enterprise Linux AS release 4 (Nahant) here. When a user's password is expired, the system will prompt the user to change the password. However, when a root-equivalent ID's password is expired, the system would ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Notification of Password Expired for Root Equivalent ID

  1. Notification of Password Expired for Root Equivalent ID

    Hi,

    I have a Red Hat Enterprise Linux AS release 4 (Nahant) here.

    When a user's password is expired, the system will prompt the user to
    change the password. However, when a root-equivalent ID's password is
    expired, the system would not prompt user to change password. Instead,
    it does not allow the root equivalent ID to sign on although the
    password is correct. The error message displayed is "Access Denied". I
    would like to know, how can we configure so that when a root equivalent
    ID's password is expired, the system will prompt for a password change
    and then allow user to sign on to the system.

    Thanks and regards,
    Jenny


  2. Re: Notification of Password Expired for Root Equivalent ID

    I'd suspect that this is done as a security measure because a "root
    equivalent" ID has a lot of authority on a system. Your best bet may be
    to setup a script for those users that will check the password
    expiration at each logon and notify the user when the password is within
    n days of expiring. Of course, this won't help the user who goes on a
    two week vacation and has the password expire near the end of it.

    Phil Sherman


    Jenny wrote:
    > Hi,
    >
    > I have a Red Hat Enterprise Linux AS release 4 (Nahant) here.
    >
    > When a user's password is expired, the system will prompt the user to
    > change the password. However, when a root-equivalent ID's password is
    > expired, the system would not prompt user to change password. Instead,
    > it does not allow the root equivalent ID to sign on although the
    > password is correct. The error message displayed is "Access Denied". I
    > would like to know, how can we configure so that when a root equivalent
    > ID's password is expired, the system will prompt for a password change
    > and then allow user to sign on to the system.
    >
    > Thanks and regards,
    > Jenny
    >


  3. Re: Notification of Password Expired for Root Equivalent ID

    In comp.os.linux.security Jenny :
    > Hi,


    > I have a Red Hat Enterprise Linux AS release 4 (Nahant) here.


    > When a user's password is expired, the system will prompt the user to
    > change the password. However, when a root-equivalent ID's password is
    > expired, the system would not prompt user to change password. Instead,


    What is that? Do you have more then one user with UID 0? Very
    very bad idea, use sudo instead:

    $ man -k sudo
    sudo (8) - execute a command as another user
    sudoers (5) - list of which users may execute what
    visudo (8) - edit the sudoers file

    Good luck

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 335: the AA battery in the wallclock sends
    magnetic interference

+ Reply to Thread