Although we are not setting user accounts to auth to AD, we are
enforcing password requirements via pwpolicy. One of those
restrictions is to change the password every 180 days.
I don't think there is an agreed upon solution to fix this issue; I
looked at the list, and couldn't find it.
However, it strikes me that pwpolicy must maintain a counter of how
long it has been since the last time a password was changed; if I
knew where that counter lived, and I could interrogate it, I could run
a nightly script to check if any passwords are set to expire in the
next x amount of days--and thereby alert the user.
This is particularly problematic for my ssh users. While I do have a
webpage cgi that will allow them to use their old password to change
to a new one, if it's simply timed out, they can't do this if they've
already disabled their account by too many attempts at logging
in--which is the natural response when ssh-ing in and receiving a "no
connection" alert.
Does anyone know where that timer count lives and can I interrogate it?
--
--
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
