Re: How to force password change upon account creation

On Sun, 2012-12-23 at 17:33 -0600, Kyle Harris wrote:
> I have a Perl script that allows for the creation of new accounts in
> OpenLDAP.  I am attempting to find a way to force the newly created
> user to change his or her password upon first login.  I tried setting
> the attribute pwdMustChange to TRUE but that attribute must not be
> definable upon user creation.  So, how can this be accomplished so
> that a new user is forced to change passwords after they first log on?

If your applications that are doing the authentication are using PAM,
setting the shadowLastChange attribute to 0 should do the trick.

You should probably grant the user the right permissions to update the
userPassword and shadowLastChange attributes.
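
The two suggestions in this reply, written out as LDIF (an added example, not part of the original message). The suffix `dc=example,dc=com`, the user `jdoe`, the numeric IDs, the password placeholder and the database DN `olcDatabase={1}hdb,cn=config` are assumptions to be replaced with site values.

```ldif
# Part 1: new account entry (apply with ldapadd as the directory admin).
# shadowLastChange: 0 is what PAM-based clients interpret as
# "password must be changed at next login".
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: jdoe
cn: Jane Doe
sn: Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
# Placeholder: supply a hashed temporary password, never clear text.
userPassword: {SSHA}REPLACE_WITH_HASH_OF_TEMPORARY_PASSWORD
shadowLastChange: 0

# Part 2: ACL change (apply separately with ldapmodify against cn=config).
# Lets each user write only their own userPassword and shadowLastChange,
# so the forced change can complete and the timestamp can be updated.
# "by anonymous auth" permits binding; everyone else gets no access.
# Add further "by" clauses before "by * none" for any admin or proxy
# identity that needs to read or manage these attributes.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by * none
```

Self-write on `shadowLastChange` also lets a user set that attribute to any value, so it should not be relied on as the only record of password age. The flag is enforced by PAM-based clients only; an application that binds to LDAP directly will not see a forced change.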

