User permission
in [Solaris]
|
Prev: M3000
Next: Global name space
From: Richard B. Gilbert on 10 Jul 2010 15:07 Andrew Gabriel wrote: > In article <bq2_n.10294$0A5.3801(a)newsfe22.iad>, > harryooopotter(a)hotmail.co_ (Harry) writes: >> Freddy wrote... >> [...] >>>> A01 .User cannot change his passwd >>>> A02. The passwd never expires >>> but how to meet the first condition....??? >> [...] >> >> Why do you need this ? >> >> I could see anoynance on user's perspective; >> and security issue on sysadmin's perspective. > > I can't think why you'd want to do this either, but as I said > before, it tells you exactly how to do it on the man page. > I even worked somewhere which used it too. They also forced > everyone to change their password monthly. They thought they > were so secure. Of course, everyone's current passwd will be > some varient of July2010 at the moment, but people who write > security policies usually seem to have a remarkably little > understanding of the subject. > The people who don't use July2010 as their password, will write their password on a Post-It and stick it to the bottom of their keyboard! I think it's best just to give a few hints for creating a reasonably secure password and leave it to user's ingenuity. Password lifetime, in most cases, should be three to six months. The more onerous the security policy and procedures, the less likely that everything will be done right!
From: Freddy on 10 Jul 2010 15:15 On Jul 10, 11:22 pm, and...(a)cucumber.demon.co.uk (Andrew Gabriel) wrote: > In article <bq2_n.10294$0A5.3...(a)newsfe22.iad>, > harryooopot...(a)hotmail.co_ (Harry) writes: > > > Freddy wrote... > > [...] > >>> A01 .User cannot change his passwd > >>> A02. The passwd never expires > > >>but how to meet the first condition....??? > > [...] > > > Why do you need this ? > > > I could see anyonance on user's perspective; > > and security issue on sysadmin's perspective. > > I can't think why you'd want to do this either, but as I said > before, it tells you exactly how to do it on the man page. > I even worked somewhere which used it too. They also forced > everyone to change their password monthly. They thought they > were so secure. Of course, everyone's current passwd will be > some varient of July2010 at the moment, but people who write > security policies usually seem to have a remarkably little > understanding of the subject. > > -- > Andrew Gabriel > [email address is not usable -- followup in the newsgroup] Hi Mr.Gabriel and Harry, Thank you for the reply...as u said there is security issue ..but i just wanna know is it possible with the passwd command alone.... and man passwd says that If min is greater than max, the user can not change the pass- word. Always use this option with the -x option, unless max is set to -1 (aging turned off). In that case, min need not be set. passwd -x 1000000 -n 1000000 <username> I used the above command to achieve the two conditions which i stated above so the user passwd will be valid for 2739 years and the 2739 years required the user to change the passwd ... but any idea to achieve this infinity... :-( Thanks Freddy..
From: ITguy on 10 Jul 2010 17:55 > passwd -x 1000000 -n 1000000 <username> > > I used the above command to achieve the two conditions which i stated > above > so the user passwd will be valid for 2739 years and the 2739 years > required the user to change the > passwd ... > > but any idea to achieve this infinity... :-( passwd -x -1 <user>
From: hume.spamfilter on 10 Jul 2010 19:09 Andrew Gabriel <andrew(a)cucumber.demon.co.uk> wrote: > I can't think why you'd want to do this either, but as I said I can think of one reason (and, really, only the one): a password system that distributes passwords amongst a number of heterogenous systems. For example, a webpage that you change your password on and it sets your password on a number of subsystems that aren't LDAP/KRB5/NIS compatible. In a situation like that, you might want to disable setting passwords locally to force people through the password change page. The bad is that you end up copying passwords around, which sounds ridiculous in today's age of AD/LDAP/NIS; the upshot is that the password policy enforced by the webpage can be arbitrarily complex. -- Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
From: Cydrome Leader on 11 Jul 2010 16:29
Andrew Gabriel <andrew(a)cucumber.demon.co.uk> wrote: > In article <bq2_n.10294$0A5.3801(a)newsfe22.iad>, > harryooopotter(a)hotmail.co_ (Harry) writes: >> Freddy wrote... >> [...] >>>> A01 .User cannot change his passwd >>>> A02. The passwd never expires >> >>>but how to meet the first condition....??? >> [...] >> >> Why do you need this ? >> >> I could see anyonance on user's perspective; >> and security issue on sysadmin's perspective. > > I can't think why you'd want to do this either, but as I said > before, it tells you exactly how to do it on the man page. > I even worked somewhere which used it too. They also forced > everyone to change their password monthly. They thought they > were so secure. Of course, everyone's current passwd will be > some varient of July2010 at the moment, but people who write Haha |