Re: Expired password notification

[Tony Earnshaw <tonni@hetnet.nl>]

Pierangelo Masarati skrev, on 16-01-2008 15:18:

[...]

> > Another approach could be to inform users via e-mail.
>
> But what if users don't read emails until password expiration?

Hehe ... at my Amsterdam high school (supposedly populated by 
way-above-average IQ kids and teachers) site I run OL ppolicy. Passwords 
en masse are coming up for renewal in February.

I have about 100 Dutch/immigrant kids out of about 800 who never read 
their mail and nothing on earth will ever make them. I have around 80 
teachers and 30 staff who can be forced to read their mail. I have a 
super system whereby everyone can send a VERP mail to himself and get 
back 6 password suggestions that pass the stringency test (very strict). 
But what's the good if they don't ever read their mail, their mail 
quotas are exceeded or whatever?

At the moment the Linux/Samba login screens tell them to contact "their 
administrator". Supposing we're all 3 of us administrators sick or dead 
or something?

I had thought about writing a shell (Perl's not necessary, I already do 
half of this in shell) script that looks at whether they've read their 
mail or not for the last week or so and if they haven't, refuse them any 
further authentication. But I haven't got that far yet.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl