How can I force users to change their password at initial login? - Suse

This is a discussion on How can I force users to change their password at initial login? - Suse ; SuSE 10.3 is the O/S. I can't find anything in the local documentation or any options through Yast that would force users to change their password on their initial login....

+ Reply to Thread
Results 1 to 15 of 15

Thread: How can I force users to change their password at initial login?

  1. How can I force users to change their password at initial login?

    SuSE 10.3 is the O/S.

    I can't find anything in the local documentation or any options through Yast
    that would force users to change their password on their initial login.

  2. Re: How can I force users to change their password at initial login?

    Jim Carter wrote:
    > SuSE 10.3 is the O/S.
    >
    > I can't find anything in the local documentation or any options through Yast
    > that would force users to change their password on their initial login.


    I do not think that that is possible, yet I would be gladly proven
    wrong.

    You could write a script around it that does the password change the
    first time and then removes itself from autolaunching when logging in.

    This could be re-activated if a system admin does a reset of a password.

    I think this would be a nice feature to have in YaST. So best file a
    bugreport as a reqiest, so they put it in version 11.0

    houghi
    --
    You can have my keyboard ...
    if you can pry it from my dead, cold, stiff fingers

  3. Re: How can I force users to change their password at initial login?

    On 2008-03-10 03:57, Jim Carter wrote:
    > SuSE 10.3 is the O/S.
    >
    > I can't find anything in the local documentation or any options through Yast
    > that would force users to change their password on their initial login.


    passwd -e user

    /bb

  4. Re: How can I force users to change their password at initial login?

    On Mon, 10 Mar 2008, Jim Carter wrote:-

    >SuSE 10.3 is the O/S.
    >
    >I can't find anything in the local documentation or any options through Yast
    >that would force users to change their password on their initial login.


    I can't see a way of doing so using YaST2, but you can using:

    passwd -e ${USER}

    Have a look at man passwd for details.


    Regards,
    David Bolt

    --
    www.davjam.org/lifetype/ www.distributed.net: OGR@100Mnodes, RC5-72@15Mkeys
    SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit | openSUSE 11.0a1
    SUSE 10.1 64bit | openSUSE 10.2 64bit | openSUSE 10.3 64bit
    RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC |RISC OS 3.11

  5. Re: How can I force users to change their password at initial login?

    houghi wrote:
    > I think this would be a nice feature to have in YaST. So best file a
    > bugreport as a reqiest, so they put it in version 11.0


    https://bugzilla.novell.com/show_bug.cgi?id=368613

    You are welcome.

    houghi
    --
    You can have my keyboard ...
    if you can pry it from my dead, cold, stiff fingers

  6. Re: How can I force users to change their password at initial login?

    David Bolt wrote:

    > On Mon, 10 Mar 2008, Jim Carter wrote:-
    >
    >>SuSE 10.3 is the O/S.
    >>
    >>I can't find anything in the local documentation or any options through
    >>Yast that would force users to change their password on their initial
    >>login.

    >
    > I can't see a way of doing so using YaST2, but you can using:
    >
    > passwd -e ${USER}
    >
    > Have a look at man passwd for details.
    >
    >
    > Regards,
    > David Bolt
    >


    Super - I understand the passwd command options but I sure couldn't find
    that feature through yast. I'll squawk this as a missing yast feature.

    Thanks for confirming my suspicions.


  7. Re: How can I force users to change their password at initial login?

    houghi wrote:

    > houghi wrote:
    >> I think this would be a nice feature to have in YaST. So best file a
    >> bugreport as a reqiest, so they put it in version 11.0

    >
    > https://bugzilla.novell.com/show_bug.cgi?id=368613
    >
    > You are welcome.
    >
    > houghi


    Thanks - added my vote too.

  8. Re: How can I force users to change their password at initial login?

    In article ,
    Jim Carter wrote:

    > SuSE 10.3 is the O/S.
    >
    > I can't find anything in the local documentation or any options through Yast
    > that would force users to change their password on their initial login.


    Give them an initial password that is 64 characters long and uses mixed
    case, digits, and plenty of punctuation--and tell them about the passwd
    command. I think the problem will then take care of itself. :-)


    --
    --Tim Smith

  9. Re: How can I force users to change their password at initial login?

    Tim Smith wrote:
    > In article ,
    > Jim Carter wrote:
    >
    >> SuSE 10.3 is the O/S.
    >>
    >> I can't find anything in the local documentation or any options through Yast
    >> that would force users to change their password on their initial login.

    >
    > Give them an initial password that is 64 characters long and uses mixed
    > case, digits, and plenty of punctuation--and tell them about the passwd
    > command. I think the problem will then take care of itself. :-)
    >
    >

    LOL

  10. Re: How can I force users to change their password at initial login?

    Tim Smith wrote:

    > In article ,
    > Jim Carter wrote:
    >
    >> SuSE 10.3 is the O/S.
    >>
    >> I can't find anything in the local documentation or any options through
    >> Yast that would force users to change their password on their initial
    >> login.

    >
    > Give them an initial password that is 64 characters long and uses mixed
    > case, digits, and plenty of punctuation--and tell them about the passwd
    > command. I think the problem will then take care of itself. :-)
    >


    BOFH!

    --
    Larry Bristol --- The Double Luck
    http://www.doubleluck.com


  11. Re: How can I force users to change their password at initial login?

    Larry Bristol wrote:
    > Tim Smith wrote:
    >
    >> In article ,
    >> Jim Carter wrote:
    >>
    >>> SuSE 10.3 is the O/S.
    >>>
    >>> I can't find anything in the local documentation or any options through
    >>> Yast that would force users to change their password on their initial
    >>> login.

    >>
    >> Give them an initial password that is 64 characters long and uses mixed
    >> case, digits, and plenty of punctuation--and tell them about the passwd
    >> command. I think the problem will then take care of itself. :-)
    >>

    >
    > BOFH!


    Well, whatever password you use, I can hack it by typing 'override'

    houghi
    --
    You are about to enter another dimension, a dimension not only of
    sight and sound but of mind. A journey into a wondrous land of
    imagination. Next stop, Usenet!

  12. Re: How can I force users to change their password at initial login?

    On 2008-03-14, houghi wrote:
    >
    >
    > Larry Bristol wrote:
    >> Tim Smith wrote:
    >>
    >>> In article ,
    >>> Jim Carter wrote:
    >>>
    >>>> SuSE 10.3 is the O/S.
    >>>>
    >>>> I can't find anything in the local documentation or any options through
    >>>> Yast that would force users to change their password on their initial
    >>>> login.
    >>>
    >>> Give them an initial password that is 64 characters long and uses mixed
    >>> case, digits, and plenty of punctuation--and tell them about the passwd
    >>> command. I think the problem will then take care of itself. :-)
    >>>

    >>
    >> BOFH!

    >
    > Well, whatever password you use, I can hack it by typing 'override'


    Only if you type it in caps.

    --
    There is an art, it says, or rather, a knack to flying.
    The knack lies in learning how to throw yourself at the ground and miss.
    Douglas Adams

  13. Re: How can I force users to change their password at initial login?

    On Fri, 14 Mar 2008, in the Usenet newsgroup alt.os.linux.suse, in article
    , Preventer of Work wrote:

    >Tim Smith wrote:


    >> Jim Carter wrote:
    >>
    >>> SuSE 10.3 is the O/S.
    >>>
    >>> I can't find anything in the local documentation or any options through Yast
    >>> that would force users to change their password on their initial login.

    >>
    >> Give them an initial password that is 64 characters long and uses mixed
    >> case, digits, and plenty of punctuation


    [compton ~]$ head -2 /dev/random | mimencode
    t1Rzg9PeBTnpPGdr36BP0S0IZ7e8NLG5s29nXSzSjezognbio/PjDtS1S4q+2iQvNWAiLxOQ
    BPiMDABUdTvadM5YXDhKrlwbLKzb0a5N/+Oh0ujfTWmJeUEBcTCVAFqbAVhXvVlM8SW2t12i
    +L3FAhQObfkQAx7zT/ZFQzvwsZJPnl/i2qifq3oqbvDrJpwWRmhbY38HEKDLL4u78o7/4RKG
    16reEh6BRowq/GiLbltBLwJfq0DFqv1gjnJHhh5sEDEBLw7oAiStyp3bLt46v+O 5lrJX0SnP
    nxNsc3qqDE+Qrq6NOpzdo5pLbkPk+zJ5nVCucdkh82vJ2JktfE 4/NC6LV/9rrPlc6iwMBFJx
    GD+/MADcEsWjO8M3YSSuhMEprqd2KxetY/fNIwXScjnmwSXirqhXik3SlCRPWCz75mbMENWe
    ATO4nRV1mV8nhCFWvpq1gy4GesjUaENSryN2mmliAVe0g5+Q+C w0IvUQCJSzXmLJ/mdPi/HZ
    jaT6shgfIpxTC1AMP0GDDF1Mf9mTnusuZX1U0qF/tOMRA3ehwhvvPimzkIbROQ4YEmMvy6o6
    fvJO7o6YNyN7LZKJnqKjcVSG5T6yb/tosDlzWLy5jswdTAH3gKBJZN55xKaalZXkJjORAvSV
    JZ90wplXydu15sR6iQIrv+nNEeM3Pknh8AiASVHI6widI6KZ0r cFceW0kfZZv4Q8iVSnxA7U
    qMZfq9Zm5y8eI4W8Amwlcy4YXcosq3rTPqLQ1doIXxL0x11csc Pulf9rQtynBsIfTkP+3/vw
    hibR4xmUxTowuBCqbuCYRlX0lO2Gl98dB5AKXQ4+lyZ9QVs3WS JhEJlgMHNUgGmpbqZ9WsSt
    lOUYHS9+y7wFH5BwSfei1/ofTbzVaTGZ2FAmMsR3AYw4YuCXiorC4ikd89KvK5hKDXGTB5OA
    RSpDVGp611PxVPaqXe4fFAbHO1h7QC5VvEMFYqacBgyelnnP3c Ka6OxJ9wXjM0A7LjWscCmY
    rZh5EFvH+Jmej/ij/ee2O+D5wMLXiGYlnJ/TeVoYcszoiXjJVXYK
    [compton ~]$

    >> and tell them about the passwd command. I think the problem will then
    >> take care of itself. :-)

    >
    >LOL


    Unfortunately, unless you have a password-Nazi program vetting the
    luser-supplied passwords, you'll wind up with the lusers changing it to
    one of

    "" 1234567 a ihavenopass pwd
    0 12345678 aaa login qwer
    000000 123456789 abc love root
    00000000 1234qwer abc123 mypass secret
    007 123abc abcd mypass123 server
    1 123asd admin mypc sex
    110 123qwe admin123 mypc123 super
    111 2002 administrator oracle sybase
    111111 2003 alpha owner temp
    11111111 2600 asdf pass temp123
    12 54321 computer pass test
    121212 654321 database passwd test123
    123 88888888 enable password win
    123123 Admin foobar pat xp
    1234 Internet god patrick xxx
    12345 Login godblessyou pc yxcv
    123456 Password home pw123 zxcv
    pw xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    (that's the list of 87 passwords that the 'deloader' worm used in 2003
    to take over a significant percentage of the windoze boxes on the net.)
    Wow, some of those are really secure, like "" (which is an empty string).
    Does any one see _their_ password here?

    Old guy

  14. Login security (Was: How can I force users to change their password at initial login?)

    Moe Trin wrote:
    > Unfortunately, unless you have a password-Nazi program vetting the
    > luser-supplied passwords, you'll wind up with the lusers changing it to
    > one of



    To be fair, at my job I use a much lesser secure password as well. At
    this company I need to change my password each month on seveal systems
    that have no relation to each other.
    Some of them have different logins as well.

    And then there are also several external sites and systems where I do
    not have even the ability to choose my login or password myself.

    I am guessing that I have some 20 different logins and passwords. But
    this job is not THAT bad. At least the ones I change I can do at the
    same time. I used to work for another company where I needed to change
    the passwords in different timeslots:
    Every week (I kid you not.)
    Every two weeks
    Every 30 days
    Every 31 days
    Every 90 days

    Also I was outside a LOT, so obviously I wrote them down.
    Many people that work in IT write down their admin logins and passwords.
    Because the need of password changes on so many systems, people start
    using less secure passwords, not more secure passwords. A very secure
    passwordsis great if you have 1 password to remember. It becomes a pain
    when you need to rememeber more then 10 and change them each month.

    Now if there only would be a way to identify yourself via something
    central that is secure. Like using a key for your car or for your home.

    Unfortunatly this would mean a general acceptance of ALL parties
    involved, which I do not see happening very soon.

    Technicaly there is no restriction. Obviously it should be open to
    anybody. In Belgium, where each person above 12 already has an identity
    card, there could be a solution.
    http://developer.novell.com/wiki/index.php/EID-belgium
    http://eid.belgium.be/

    This is open source, so each person can use and implement it. There is a
    public key, which can be used. Just put in the card, enter your pin-code
    and you are done. Each and every site and system can then see if you are
    who you say you are and give you access. No more need to rememeber
    anything but your pincode.

    There are drawbacks. These drawbacks will be used as an excuse not to
    start using it and be stuck with a less secure system.
    1) non-Belgians do not have them yet.
    2) You need a cardreader for each and every computer
    3) Privacy http://idcorner.org/2005/07/04/the-b...card-calamity/
    4) If you loose your card, you won't be able to work untill you get a
    new card and then you need to re-autenticate at each and every site.

    However I do feel such a system would be better in the long run, as you
    can use it as a key. To me changing passwords every X time is NOT an
    added security layer, it rips one of. Having it done for many systems
    makes it even less secure.

    houghi
    --
    > Beware of he who would deny you access to information, <
    > for in his heart he dreams himself your master. <
    > Commissioner Pravin Lal: "U.N. Declaration of Rights" <


  15. Re: Login security (Was: How can I force users to change their passwordat initial login?)

    houghi wrote:

    > To me changing passwords every X time is NOT an
    > added security layer, it rips one of. Having it done for many systems
    > makes it even less secure.


    Totally agree. We also use multiple systems with multiple logins in
    work, and on the Windows side, our sys admin has decided his network
    will be more secure if everyone changes their password every 60 days
    (for about five different Windows based systems, so five login/passwords
    to remember). And to make matters worse, he insists that the password
    is at least eight characters long and must contain three of these four
    things, upper case, lower case, numbers and punctuation!

    With five different, regularly changing, login/passwords as complicated
    as these to remember, of course people write them down on a piece of
    paper which defeats the purpose of having a login/password as the piece
    of paper could get into the wrong hands. I've even seen the
    login/passwords written in pencil on the top of a monitor!!! More
    secure? Nope, but it gives the sys admin a feeling of power by forcing
    all the users to do what he says....

    OTOH, our Unix based system..... I've had the same password since I
    started working for the company, which does contain upper case, lower
    case and numbers so not easily hacked, but as it doesn't change
    regularly I can remember it and don't have to write it down. More
    secure? Absolutely.

+ Reply to Thread