Logging a User Off

Craig Campbell craig at attcan.UUCP
Fri Oct 12 03:17:04 AEST 1990


In article <15051 at cbmvax.commodore.com> ag at cbmvax.commodore.com (Keith Gabryelski) writes:
>In article <1990Sep11.173008.274 at mccc.uucp> pjh at mccc.uucp (Pete Holsberg) writes:
>>For reasons that are beyond the scope of this question, all new logins
>>on one of my systems (3B2.400 SVR3.1) get no initial password.  I've
>>written a little script that I put into /etc/profile.  It examines the
>>password field of /etc/passwd for the user logging in and runs the
>>passwd program if the password field is empty.  
>>
>>However, I would like to be able to terminate the login process if that
>>user fails to select a password.  I thought I would examine the return
>>code of the passwd command and then exit if it's not 0.  BUT, simply
>>executing "exit" doesn't abort the login; it aborts /etc/profile!  What
>>can I execute to terminate the login of a user who fails to select a
>>valid password?
>
>Remember that a user may hit the interrupt key before your script
>starts, thus aborting /etc/profile and your password scheme.  Even
>placing a `trap' at the start of /etc/profile will not help this
>(since a user could hit the interrupt character before the trap was
>executed).
>
>
>Pax, Keith ``Just catching up on 3 weeks of unread news'' Gabryelski


How about enabling password aging?  Here is a quote from an old manual
(we are at UNIX 3.2.2 which is slightly different.)

Quote from AT&T 3B2 Computer, Unix (r) System V Release 3,
User's and System Administrator's Reference Manual

PASSWD(4)

..." Password aging is effected for a particular user if his encrypted
password in the password file is followed by a comma and a non-null string of 
characters from the above alphabet.  (oops...alphabet is (., /, 0-9, A-Z, a-z)
 - craig (-: ) (Such a string must be introduced in the first instance by the
super-user.)

The first character of age, M say, denotes the maximum number of weeks for
which a password is valid.  A user who attempts to login after his password 
has expired will be forced to supply a new one.  The next character, m say, 
denotes the minimum period in weeks that must expire before the password may
be changed.  The remaining one or two characters define the week (counted from
the beginning of 1970) when the password was last changed. (A null string is
equivalent to zero.)  M and m have numerical values in the range 0-63 that
correspond to the 64-character alphabet shown above (i.e. / = 1 week; z = 63
weeks).  If m = M = 0 (derived from the string . or ..) the user will be 
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
forced to change his password the next time he logs in (and the "age" will
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
disappear from his entry in the password file).  If m > M (signified, e.g., by
the string ./) only the super-user will be able to change the password."


Hope this solves your problem,

craig
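
Added example (not part of the original post or the manual): a decoder for the aging string described in the PASSWD(4) excerpt above, reporting which entries have aging enabled and which case applies. The sample lines, the placeholder hash, the names a64/audit, the least-significant-first order of the week characters, and the exact expiry comparison are assumptions.

```python
from dataclasses import dataclass

# PASSWD(4) alphabet: . / 0-9 A-Z a-z  ->  values 0..63 ("/" = 1, "z" = 63)
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SECONDS_PER_WEEK = 7 * 24 * 60 * 60
NOW = 1084 * SECONDS_PER_WEEK  # constructed "current time": week 1084 since 1970

# Constructed sample /etc/passwd lines; "xxxxxxxxxxxxx" is a placeholder hash.
SAMPLE = [
    "alice:xxxxxxxxxxxxx:100:100::/usr/alice:/bin/sh",
    "bob:,..:101:100::/usr/bob:/bin/sh",
    "carol:xxxxxxxxxxxxx,./:102:100::/usr/carol:/bin/sh",
    "dave:xxxxxxxxxxxxx,8/k9:103:100::/usr/dave:/bin/sh",
    "erin:xxxxxxxxxxxxx,8/sE:104:100::/usr/erin:/bin/sh",
]

@dataclass
class Aging:
    user: str
    has_password: bool
    status: str

def a64(chars):
    """Decode 0+ alphabet characters; a null string is equivalent to zero.
    Assumption: least-significant character first, as a64l(3C) does.
    Raises ValueError on a character outside the alphabet."""
    return sum(ALPHABET.index(c) << (6 * i) for i, c in enumerate(chars))

def audit(passwd_line, now_epoch=NOW):
    user, field = passwd_line.split(":")[:2]
    pw_hash, _, age = field.partition(",")
    if not age:  # aging needs a comma AND a non-null string after it
        return Aging(user, pw_hash != "", "no aging")
    max_w, min_w, last = a64(age[0]), a64(age[1:2]), a64(age[2:4])
    if max_w == 0 and min_w == 0:
        status = "forced change at next login"
    elif min_w > max_w:
        status = "only super-user may change"
    elif now_epoch // SECONDS_PER_WEEK > last + max_w:  # assumed comparison
        status = "expired"
    else:
        status = "valid"
    return Aging(user, pw_hash != "", status)

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit(line))
```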



More information about the Comp.unix.admin mailing list