Re: Silly Users with Password as "Password"

From: Phillip Helbig---remove CLOTHES to reply (helbig_at_astro.multiCLOTHESvax.de)
Date: 01/10/04 

Date: Sat, 10 Jan 2004 00:46:11 +0000 (UTC)

In article <btnevk$dm0$1@hercules.btinternet.com>, "Robert"
<robert.heyes@btinternet.com> writes:

> Ive written a program today to check the SYSUAF.DAT for all my users in a
> group and find any naughty users who havent changed their password from the
> default I would set (which for example would be PASSWORD), eg. Username
> JBLOGGS Password PASSWORD by doing $dir nodename"JBLOGGS
> PASSWORD"::Login*.com and checking the return code. If the dir command was
> successful then output that user name to a text file as the password hadnt
> been changed.
>
> What I want to do now doesnt appear to be possible... (or I cant get VMS
> 7.2-2 to do it!)
>
> I want to modify each user's account in my text file so that the user is
> forced to change the password the next time they log in. I have a couple of
> ideas on how to do it but they may or may not work.

Use pre-expired passwords. Users can log in the first time with your
password and are forced to change it. This has been possible for ages.
 
> C. I was trying the flag where they could login once and then the next time
> they had to change the password, but that didnt appear to be working for me.
> Will keep trying. I suppose this one in theory would solve the problem but
> why doesnt it work!?
>
> Any Suggestions?

$ mc authorize help modif/pwdex

MODIFY

  /PWDEXPIRED

        /PWDEXPIRED (default)
        /NOPWDEXPIRED

     Specifies the password is valid for only one login. A user must
     change a password immediately after login or be locked out of the
     system. The system warns users of password expiration. A user can
     either specify a new password, with the DCL command SET PASSWORD,
     or wait until expiration and be forced to change. By default, a
     user must change a password when first logging in to an account.
     The default is applied to the account only when the password is
     being modified.

Relevant Pages

  • Re: XP Cached Logins
    ... If you don't know what the password is when you create the account, ... and anyone can login as that user the first time the account is ... upon first login. ... He however wants a technical answer explaining why this is required. ...
    (microsoft.public.windowsxp.general)
  • How do I re-login with ACTIVE DIRECTORY Account?
    ... I have been install ISA2004 Server, And for 1st time I create a new AD user. ... It is ok for FIRST TIME to login to Active Directory user account. ...
    (microsoft.public.isa.clients)
  • Weakness introduced by denying remote logins on AIX, possibly others
    ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ...
    (Security-Basics)
  • Re: Please! Doesnt anyone know a better way to do this?
    ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
    (microsoft.public.dotnet.framework.aspnet)
  • WinXP laptop, simple-style login conn to Win2000 share, error
    ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
    (microsoft.public.windowsxp.security_admin)