SUMMARY- Password Aging

From: Tim Feeney (feeney@messaging.tfn.com)
Date: Wed May 29 1996 - 19:51:23 CDT


     
There were two solutions to this problem:
   1. Presented by Mark Berman
   This is a problem. There's a shell script fix that replaces /bin/passwd. I
got it from a search of the archives of this list. Here's the script I use. I
think the only local change I've made is to replace "echo" with "/usr/bin/echo".

----------------------------------------------------------------- #!/bin/sh
# Hack passwd command rapper for other name services.

# @(#)passwd.sh 1.3 03 Aug 1992 Chris.Gerhard@uk.sun.com

trap "exit 1" 1 2 3 4 5 6 7 8 10 12 13 14 15 16 17 22 28 29 30 31

if [ $# -gt 0 ];then
pass=$*
else
pass=$LOGNAME
fi

result=`while read targ spam ; do
if [ "$targ" = "passwd:" ]; then
/usr/bin/echo $spam
break
fi
done < /etc/nsswitch.conf`

for tat in $result
do
case $tat in
files) if egrep "^$pass" /etc/passwd > /dev/null; then
exec localpasswd $pass
fi ;;
nisplus) if nistest [name=$pass],passwd.org_dir.`domainname`
then
if nismatch name=$pass passwd.org_dir.`domainname` \
> /dev/null 2>&1
then
:
else
                       /usr/bin/echo ""
/usr/bin/echo "Enter old \c" ; keylogin fi
exec nispasswd $pass
fi ;;
nis) if ypmatch $pass passwd > /dev/null ; then
exec yppasswd $pass
fi ;;
*) /usr/bin/echo Unknown name service $tat. Check nsswitch.conf
exit 0
esac
done
/usr/bin/echo $0:$pass user not found exit 1
----------------------------------------------------------------- ----
Mark Bergman bergman@phri.nyu.edu System and Network
Administrator 212-578-0822
Public Health Research Institute Rm. 1074, 455 1st Ave, NY NY, 10016

2. Presented by Mike Daffey

You need a patch for 2.3 (101582-03) and 2.4 (102336-01). These patches are
classed as 'point patches' - ones which won't necessarily be integrated into
the standard releases. They consist of a modified version of login and a script
( passwd_changer) which invokes either passwd or nispasswd as appropriate. I
haven't verified that it works, but it looks as though the 2.5 login program
has been modified to directly invoke either passwd or nispasswd as appropriate.

Regards,

---------------------------------------------------------------------------
Mike Daffey, miked@fujitsu.com.au
Fujitsu Australia

I did not see the patch on the Sun web site, and have yet to implement the
script mentioned in solution 1. I will update the list with any problems or
additional solutions I encounter. Thank you Mike and Mark for your responses.

Tim



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:00 CDT