Re: [Pam-mysql-general] /etc/shadow -> mysql-pam Migration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Sunday, 2 =D7=91April 2006 21:43, Gary W. Smith wrote:
> Bad boy...  But that's about how we had to do it as well.  There is
> still a problem with users that infrequently log into the system.  We
> have some users that have multiple accounts and rarely use their
> secondary accounts (which are critical to their configuration).

Yes, a problem. I will solve this by simply ignoring the problem until=20
someone fails to use their account and call me. I can do this because I=20
have just a few users (or anyway - a few infrequent users), they can=20
easily call me or one of the other admins and nothing on that setup is=20
mission critical (AFAIK).=20
With most other setups, this is probably the wrong approach. I haven't=20
yet disabled old passwords (though I intend to do it soon), so I can't=20
vouch for how well my solution works ;-)

> Something we did for those users that had the problem with messed up
> passwords is to create a web page for them to go to that just
> validates their password.  That is, it would ask them for their login
> and password.=20

This is OK if your users won't mind getting a "please validate your=20
password" notices. Most of my users will freak out if they get=20
something like that - these kind of scams are very frequent on the=20
internet :-(

If its manageable, then I suggest setting up a "change my password" web=20
page which uses PAM (or any other method) to validate the old password=20
and set a new one, and then manually emailing, calling or walking over=20
to each user and ask them to use that - or your standard password=20
change interface - to change the password.

=2D-=20
Oded

::..
"The reasonable man adapts himself to the world; the unreasonable one=20
persists in trying to adapt the world to himself.  Therefore all=20
progress depends on the unreasonable man."
	-- George Bernard Shaw