password about to expire notification

13/09/2007, 17h56

Hi,

Is there a way to query SSH periodically in order to obtain a list of
users whose password is about to expire in x number of days?

Thanks,

Van Smith

13/09/2007, 20h27

vsmith23@gmail.com writes:

> Hi,
>
> Is there a way to query SSH periodically in order to obtain a list of
> users whose password is about to expire in x number of days?

This is much more a function of the operating system of the machines
involved and the authentication means used than it is of ssh.

--
Todd H.
http://www.toddh.net/

13/09/2007, 20h34

On 2007-09-13, vsmith23@gmail.com <vsmith23@gmail.com> wrote:

> Is there a way to query SSH periodically in order to obtain a list of
> users whose password is about to expire in x number of days?

You want to query the OS, not SSH.

Details depend on the OS, but may involve options to the passwd command
and/or numbers in the /etc/shadow file.

Whether password expiry is worth having is another matter -
I think it usually isn't.

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/

13/09/2007, 21h32

all mail refused wrote:
> Whether password expiry is worth having is another matter -
> I think it usually isn't.

It can actually reduce security, since people being forced to change
their password before they can get some work done are increasingly
likely to pick weak passwords and reuse them from other services.

I agree with Bruce Schneier on this issue: Pick strong,random passwords,
allow one paper copy of them, but encourage users to treat the written
down password like a credit card. And don't expire them.

13/09/2007, 17h56	#1
vsmith23@gmail.com Messages: n/a Hébergeur:	password about to expire notification Hi, Is there a way to query SSH periodically in order to obtain a list of users whose password is about to expire in x number of days? Thanks, Van Smith

13/09/2007, 20h27	#2
Todd H. Messages: n/a Hébergeur:	Re: password about to expire notification vsmith23@gmail.com writes: > Hi, > > Is there a way to query SSH periodically in order to obtain a list of > users whose password is about to expire in x number of days? This is much more a function of the operating system of the machines involved and the authentication means used than it is of ssh. -- Todd H. http://www.toddh.net/

13/09/2007, 20h34	#3
all mail refused Messages: n/a Hébergeur:	Re: password about to expire notification On 2007-09-13, vsmith23@gmail.com <vsmith23@gmail.com> wrote: > Is there a way to query SSH periodically in order to obtain a list of > users whose password is about to expire in x number of days? You want to query the OS, not SSH. Details depend on the OS, but may involve options to the passwd command and/or numbers in the /etc/shadow file. Whether password expiry is worth having is another matter - I think it usually isn't. -- Elvis Notargiacomo master AT barefaced DOT cheek http://www.notatla.org.uk/goen/

13/09/2007, 21h32	#4
Steven Mocking Messages: n/a Hébergeur:	Re: password about to expire notification all mail refused wrote: > Whether password expiry is worth having is another matter - > I think it usually isn't. It can actually reduce security, since people being forced to change their password before they can get some work done are increasingly likely to pick weak passwords and reuse them from other services. I agree with Bruce Schneier on this issue: Pick strong,random passwords, allow one paper copy of them, but encourage users to treat the written down password like a credit card. And don't expire them.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email