Automatically prompt for password change at first login.
This year was my 4th year handing out password to our yearly 180 new
pupils at my school. This year, unlike the other years, I did somethin
"clever"; making a mandatory change of password via kdm at first login.
When they logged on with the username and password created by wlus, they
were immediately prompted by kdm to change their passwords before kde
started.
This is how I did this:
At about line 109 i /etc/ldap/slapd.conf I added these lines:
access to attrs=shadowLastChange
by self ssf=128 =wx
by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
ssf=128 =wx
by * read
At about line 1126 in /usr/share/webmin/ldap-users/ldap-users.pl I
added these lines:
shadowMin =>0,
shadowMax =>99999,
shadowWarning =>7,
shadowLastChange=>0,
This prompts everyone to change their password, whether they login via
kdm or ssh.
The only drawback to this approach is that it only changes the
userPassword (Linux password), not sambaLMPassword or sambaNTPassword,
but I don't have any windows-machines anyway.
Later once they get to know Skolelinux, I introduce them to
https://tjener.intern:10000 via a webbrowser, it's nice not having to
walk them through changing their passwords in wlus as the first thing
they do on Skolelinux, that tends to "scare" people.
Feedback and improvements are very welcome, especially if these changes
that I made to slapd.conf and ldap-users.pl are sane, and if it is
possible to also get the sambaLMPassword and sambaNTPassword changed
this way (I suspect kdepasswd needs to be disciplined to do this).
Klaus
Reply to: