Is there a way to force all users to change their password at next login? I want them to keep what they have, but the next login, they will have to change it.
Also, is there a way to "test" the password and make sure people aren't using passwords like "tom" or "1234"?
Force All Users to Change Password
Moderators: ScalixSupport, admin
-
dougp23
- Posts: 229
- Joined: Thu Feb 15, 2007 2:42 pm
Force All Users to Change Password
Check out my "Life with Scalix" blog at
http://swifttide.com/blog
http://swifttide.com/blog
-
kanderson
Re: Force All Users to Change Password
In SAC, go to Settings, and configure the password complexity level that you want from in the password tab.
To expire a password, use "ommodu <authid> -e" or ommodu -o user name/mailnode -e. In conjunction with something like "omshowu -m all" or "omsearch", it should be possible to script something fairly easily.
Testing a password would require you to guess at them. It's easier to just force a complex password using SAC as mentioned above.
Teach them how to make a good password. Otherwise, they'll just write it down.
An example might be my anniversary.
Kevin married his gorgeous bride Nicole in 1999. This becomes KmhgbNi1999. That's a wicked password, and it's easy to remember.
maybe...
I've been searching for mermaids in the Cancun surf since 1971. IbsfmitCss1971. Same thing.
How about...
John 3:16 - For God so loved the world... J3:16FGsltw
The key here is to find a password that's easy to remember, and REALLY hard to guess. Have numbers and letters. I generally try to avoid punctuation because some password mechanisms seem to hate weird characters. That's hard to explain to people, so I just avoid them all.
Kev.
To expire a password, use "ommodu <authid> -e" or ommodu -o user name/mailnode -e. In conjunction with something like "omshowu -m all" or "omsearch", it should be possible to script something fairly easily.
Testing a password would require you to guess at them. It's easier to just force a complex password using SAC as mentioned above.
Teach them how to make a good password. Otherwise, they'll just write it down.
An example might be my anniversary.
Kevin married his gorgeous bride Nicole in 1999. This becomes KmhgbNi1999. That's a wicked password, and it's easy to remember.
maybe...
I've been searching for mermaids in the Cancun surf since 1971. IbsfmitCss1971. Same thing.
How about...
John 3:16 - For God so loved the world... J3:16FGsltw
The key here is to find a password that's easy to remember, and REALLY hard to guess. Have numbers and letters. I generally try to avoid punctuation because some password mechanisms seem to hate weird characters. That's hard to explain to people, so I just avoid them all.
Kev.
-
kanderson
Re: Force All Users to Change Password
Ok, Here's how to create a script.
For those of you who code for a living, this will be proof that I'll never take your job.
This will be a list of all users in a script that will force their password to expired when it runs. Because this creates a script, you can edit the script, and remove users that you don't want this to run for, AND you can choose the time to have it run.
You'd run it with "bash /root/passwordreset.sh"
Kev.
For those of you who code for a living, this will be proof that I'll never take your job.
Code: Select all
omsearch -s -m UL-AUTHID|sed s/UL-AUTHID=/ommodu\ /|sed s/$/\ -e/ > /root/passwordreset.sh
This will be a list of all users in a script that will force their password to expired when it runs. Because this creates a script, you can edit the script, and remove users that you don't want this to run for, AND you can choose the time to have it run.
You'd run it with "bash /root/passwordreset.sh"
Kev.
Who is online
Users browsing this forum: No registered users and 9 guests