[TriLUG] Expiring passwords

Nathan Conrad conrad at bungled.net
Mon Dec 22 12:01:07 EST 2003 

Another reason to use the usermod program that came with your OS is
that some computers are configured to look for password data in places
other than a shadow file. For example with MacOS, all of the password
information is stored in a NetInfo or LDAP database while only root
and a few other key users are stored in passwd and shadow. The MacOS
user modification programs are smart enough to determine where the
password metadata is stored and edit it accordingly. Most Linux
distributions use LAM which is able to authenticate via LDAP and other
things.

But, must Linux installations still just use the passwd and shadow
files. You should be safe editing the passwd  and shadow file for the
time being.

-Nathan

On Mon, Dec 22, 2003 at 10:46:26AM -0500, Jon Carnes wrote:
> On Mon, 2003-12-22 at 10:27, Chip Turner wrote:
> > Jon Carnes <jonc at nc.rr.com> writes:
> > 
> > > On Mon, 2003-12-22 at 10:08, zzd wrote:
> > > > How do you set/unset when a particular password expires via comman line. The 
> > > > postgres account on my Mandrake system keeps having the password expire. Is 
> > > > this a global or per user setting?
> > > > -- 
> > > > Z
> > > 
> > > man 5 shadow
> > 
> > It is almost always a bad idea these days to directly edit
> > /etc/passwd, shadow, group, and gshadow.  Better is to use usermod and
> > groupmod.  In this case in particular, 'usermod -e 2003-12-31 foo'
> > will make foo's password expire on Dec 31, 2003.  Much easier and much
> > less error prone.
> > 
> > Chip
> 
> Sorry Chip.  I'll stop being naughty by writing programs that do it
> directly (as I have been doing for the past four years).... :-)
> 
> Perhaps you meant that there are alternatives to editing the values
> directly - ones that might be safer for the novice to use?
> 
> Jon Carnes - naughty hacker of shadow values

-- 
Nathan J. Conrad                     Campus phone #5930
301 Scott hall, UNC Charlotte        http://bungled.net
GPG: F4FC 7E25 9308 ECE1 735C  0798 CE86 DA45 9170 3112
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20031222/8944ac09/attachment.pgp>

More information about the TriLUG mailing list