Forcing password change on new users...
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Jan 13 16:20:11 UTC 2005
On Thu, Jan 13, 2005 at 10:20:13AM -0500, Henry Spencer wrote:
> One note of caution: passwords chosen in haste tend to be bad ones (or
> tend to get written down, or both). I'd follow this up with an email a
> few days later, encouraging them to change it again at their leisure,
> and explaining good password-choice practices a bit.
Or you configure pam to enforce certain rules on minimum length, mixed
numbers, symbols, letters, etc. Pam can even run a cracklib pass on the
password before deciding if it is good enough.
Of course the message saying to change the password probably has no way
to state the rules the password must follow unfortunately making for
very frustrated users at times. I guess if they are new accounts you
could hand them a piece of paper with info on picking good passwords and
what rules you enforce along with their initial login/password and
instructions to read that paper first.
Lennart Sorensen
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list