SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-05-2008, 06:36 AM
| ||||
| ||||
 AIX 5.3 minage and ADMCHG conflict I've encountered a small problem with conflicting values of the user accounts minage attribute and the ADMCHG flag. On AIX 5.3 when root changes a users password the ADMCHG flag is set in /etc/security/passwd as it is with previous versions. However if the users account minage is set to say a week, when the user logs in after requesting a password reset for whatever reason they are prompted to change their password, again as you would expect. The problem is that the user is told that only root can change this password because the current password does not meet the minage requirements as illustrated below. login: bob bob's Password: [compat]: 3004-610 You are required to change your password. Please choose a new one. bob's New password: a minimum of 1 elapsed week between changes. 3004-320 Only the system administrator can change this password. Any one encountered this and come up with a workaround?      |
|
01-05-2008, 06:37 AM
| |||
| |||
| Re: AIX 5.3 minage and ADMCHG conflict hulkster wrote: > I've encountered a small problem with conflicting values of the user > accounts minage attribute and the ADMCHG flag. > > On AIX 5.3 when root changes a users password the ADMCHG flag is set in > /etc/security/passwd as it is with previous versions. However if the > users account minage is set to say a week, when the user logs in after > requesting a password reset for whatever reason they are prompted to > change their password, again as you would expect. > > The problem is that the user is told that only root can change this > password because the current password does not meet the minage > requirements as illustrated below. > > login: bob > bob's Password: > [compat]: 3004-610 You are required to change your password. > Please choose a new one. > > bob's New password: > a minimum of 1 elapsed week between changes. > 3004-320 Only the system administrator can change this password. > > Any one encountered this and come up with a workaround? One thing I do sometimes, when adding a new user, is after setting the initial password from root, I remove the ADMCHG flag for that user from /etc/security/passwd. This allows the user to keep the initial password until he or she feels comfortable with changing it. The slight security risk is worth the reduced hassle when a new user is not comfortable with logging in, and then picking a new password right away. This might be a workaround in your case too. |
|
01-05-2008, 06:40 AM
| ||||
| ||||
| Re: AIX 5.3 minage and ADMCHG conflict One other thing is that when trying to enforce a histexpire and a histsize on AIX 5.3, although it prompt you about the this security setting "Password was recently used and is not valid for reuse." You are still allowed to change the password to one that was recently used. i'm still working on this. |
Linear Mode
