The rules imposed on us
do not permit it to be treated as a single-user system.
We are using pwpolicy to
set the password lifetime, but the user receives no notification of pending password
expiration, and when it is expired, is not requested by OS X to change it.
Thanks for the ideas,
though.
- Mike
From: Peter Link [mailto:email@hidden]
Sent: Wednesday, October 29, 2008 12:08 PM
To: Rich Trouton
Cc: Groberg, Michael N; email@hidden Talk
Subject: Re: [Fed-Talk] Password issues - Leopard
Does
NISPOM have a section for standalone (single-user) systems? If so, is it as
restrictive as networked computers?
Our
policy allows for a different set of requirements for standalone systems where
extensive technical protection measures may be inappropriate. Our DAA makes the
final call on these.
pwpolicy
works a lot better on Leopard but doesn't do everything OSXServer does and you
can use OSXServer's Workgroup Manager application to manage local users on a
standalone system to satisfy other requirements.
On
Oct 29, 2008, at 8:52 AM, Rich Trouton wrote:
How
are you forcing password changes then, if this isn't on OS X Server? Are you
using pwpolicy?
Thanks,
Rich
On Oct 29, 2008, at 9:23 AM, Groberg, Michael N wrote:
Thanks.
>From the documentation, it says the script most run on OS Server,
and
these machines are "standalone"
-
Mike
-----Original
Message-----
From:
Rich Trouton [mailto:email@hidden]
Sent:
Wednesday, October 29, 2008 8:36 AM
To:
Groberg, Michael N
Cc: email@hidden
Subject:
Re: [Fed-Talk] Password issues - Leopard
For
the password notification, you may want to check out pwMonitor:
http://sibr.com/utilities/pwMonitor.html
Thanks,
Rich
On
Oct 29, 2008, at 5:52 AM, Groberg, Michael N wrote:
We
are trying to configure a system to be compliant with the security
rules
(NISPOM, etc) and have two questions.
The
system is stand-alone (i.e., neither connected to a MAC server nor
to
AD).
1)
Does anyone have a script or other method for informing a user 14
days
in advance of when the user's password will expire?
2)
In our testing, when the user's password needs to be changed we
have
not
seen any prompt to force a change. The account just gets locked
out.
Any
suggestions for fixing this?
Thanks
for any ideas.
-
Mike Groberg
_______________________________________________
Do
not post admin requests to the list. They will be ignored.
Fed-talk
mailing list (email@hidden)
Help/Unsubscribe/Update
your Subscription:
40mail.nih.gov
This
email sent to email@hidden
---
Rich
Trouton (Contractor)
LAN
Support
email@hidden
-----------------------------------------------------------
National
Human Genome Research Institute
National
Institutes of Health - Bethesda, MD
Office
number:
(240)
506-7993
NIH
Help Desk:
(301)
496-4357
NIH
support request website:
http://ithelpdesk.nih.gov/Support/
The
best way to get in touch with me is through email.
---
Rich Trouton (Contractor)
LAN Support
email@hidden
-----------------------------------------------------------
National Human Genome Research Institute
National Institutes of Health — Bethesda, MD
Office number:
(240) 506-7993
NIH Help Desk:
(301) 496-4357
NIH support request website:
http://ithelpdesk.nih.gov/Support/
The best way to get in touch with me is through email.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Lawrence
Livermore National Laboratory
|