RE: [Fed-Talk] Leopard - Account Lockout after password expiration
- Subject: RE: [Fed-Talk] Leopard - Account Lockout after password expiration
- From: "Groberg, Michael N" <email@hidden>
- Date: Mon, 10 Nov 2008 11:07:57 -0500
- Thread-topic: [Fed-Talk] Leopard - Account Lockout after password expiration
We currently have expirationDate set and will be trying maxMinutes next.
The way it is now, when the user tries to log on after password
expiration, the account gets locked with no opportunity to change the
password, which is what is required.
-----Original Message-----
From: fed-talk-bounces+michael.n.groberg=email@hidden
[mailto:fed-talk-bounces+michael.n.groberg=email@hidden] On
Behalf Of Allan Marcus
Sent: Friday, November 07, 2008 5:23 PM
To: Fed Talk
Subject: Re: [Fed-Talk] Leopard - Account Lockout after password
expiration
For OD servers, look at
http://sibr.com/utilities/pwMonitor.html
For AD bound Macs, look at
http://yourmacguy.wordpress.com/downloads/
For standalone Macs it's a little more complicated. Which method are
you using to expire the password?
maxMinutesUntilChangePassword
expirationDateGMT
If you are using the expiration date method, then you can just use
pwpolicy -u <username> -n /Local/Default -getpolicy
to extract the date, then display a message if the date is, say, within
x days (in a login item script). There are just so many ways
expiration could be set up. How are you doing it?
---
Thanks,
Allan Marcus
505-667-5666
On Nov 6, 2008, at 5:20 AM, Groberg, Michael N wrote:
> I haven't gotten a response that helps yet, so I am trying again.
>
> We are trying to configure a system to be compliant with the security
> rules (NISPOM, etc).
> The system is not connected to any network.
>
> In our testing, when the user's password needs to be changed we have
> not seen any prompt to force a change, and when the user tries to log in
> after the password is expired, the account just gets locked out.
>
> Any suggestions for fixing this?
>
> Thanks for any ideas.
>
> - Mike Groberg
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
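The check suggested in the quoted reply (read expirationDateGMT with pwpolicy and warn when the date is within x days), written out as an added example that is not part of the original thread. It assumes -getpolicy prints space-separated key=value pairs with the date as mm/dd/yy; the function names, the two-digit-year pivot, the 14-day window and the sample policy string are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes -getpolicy prints space-separated
# key=value pairs and expirationDateGMT is mm/dd/yy; check your own output.

# Constructed sample of -getpolicy output (not captured from a real system).
SAMPLE='isDisabled=0 usingExpirationDate=1 expirationDateGMT=11/20/08 maxMinutesUntilChangePassword=0'

# Print the value of key $1 found in policy string $2 (empty if absent).
policy_value() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Convert mm/dd/yy to days since 1970-01-01 using integer arithmetic only,
# so the script does not depend on BSD or GNU date parsing options.
days_from_mdy() {
    m=${1%%/*}; rest=${1#*/}; d=${rest%%/*}; y=${rest#*/}
    m=${m#0}; d=${d#0}; y=${y#0}            # "08" would be read as octal
    # Assumed pivot: yy below 69 means 20yy, otherwise 19yy.
    if [ "$y" -lt 69 ]; then y=$((2000 + y)); else y=$((1900 + y)); fi
    if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * m + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# $1 = policy string, $2 = today (mm/dd/yy), $3 = warning window in days.
# Prints a message and returns 0 when a warning is due, otherwise returns 1.
expiry_warning() {
    [ "$(policy_value usingExpirationDate "$1")" = "1" ] || return 1
    exp=$(policy_value expirationDateGMT "$1")
    [ -n "$exp" ] || return 1
    left=$(( $(days_from_mdy "$exp") - $(days_from_mdy "$2") ))
    [ "$left" -le "$3" ] || return 1
    if [ "$left" -lt 0 ]; then
        echo "Password expired $((0 - left)) day(s) ago"
    else
        echo "Password expires in $left day(s); change it now"
    fi
}

# Login-item use: query the logged-in user's local policy, warn 14 days ahead.
if command -v pwpolicy >/dev/null 2>&1; then
    policy=$(pwpolicy -u "$USER" -n /Local/Default -getpolicy 2>/dev/null)
    expiry_warning "$policy" "$(date -u +%m/%d/%y)" 14 || true
fi
```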