Linux – Password rules for yppasswd

linux, nis, passwd

I have a NIS master-slave setup and I would like to improve the password rules/complexity for it. It seems that if I introduce new rules on the NIS master, they are applicable only from there. What I mean:
I want a minimum password length of 9 characters. On the NIS master, if I run 'passwd' it obeys this requirement. If I run 'yppasswd' it just goes to the default 6 characters. If I use 'chage -d 0 user1' to force a user to change a password, the user is prompted only when logging in on the NIS master. The user's old password is still good to log in at NIS clients. All machines are running Ubuntu 9.10 or 10.04.

How can I strengthen the yppasswd rules and make it warn users to change their passwords?
Thank you all!

Best Answer

Unfortunately (short of recompiling yppasswd and hard-coding your requirements), this cannot be accomplished as stated. I would submit that the yppasswd daemon should be disabled and no calls to yppasswd should be made. A much better approach is to configure your PAM stack to handle native calls to passwd and push them through the appropriate authentication channels. Alternatively, you can globally alias yppasswd to passwd -r nis (man passwd for individual arguments).

That'd be where I would start.
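
One way to verify the PAM approach from the answer on each host, as an added example that is not part of the original answer: the script audits a password stack file (on Ubuntu, /etc/pam.d/common-password) for the 9-character rule. It assumes pam_cracklib enforces length and pam_unix carries its `nis` option; the function name `check_pam_minlen` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes pam_cracklib enforces
# length and pam_unix carries the "nis" option on the host being audited.
# check_pam_minlen FILE MINLEN: prints findings, returns 0 when there are none.
check_pam_minlen() {
    awk -v want="$2" '
    function bad(msg) { print msg; fails++ }
    BEGIN {
        # pam_cracklib grants 1 length credit per character class by default.
        n = split("dcredit ucredit lcredit ocredit", names, " ")
        for (i = 1; i <= n; i++) credit[names[i]] = 1
    }
    # Only active entries of the password stack matter.
    $1 != "password" { next }
    /pam_cracklib\.so/ && !unix_seen {
        quality = 1
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "minlen") minlen = kv[2] + 0
            if (kv[1] in credit) credit[kv[1]] = kv[2] + 0
        }
    }
    /pam_unix\.so/ {
        unix_seen = 1
        for (i = 1; i <= NF; i++) {
            # use_authtok makes pam_unix store the password the earlier module checked.
            if ($i == "use_authtok") authtok = 1
            if ($i == "nis") nis = 1
        }
    }
    END {
        if (!quality) bad("no pam_cracklib entry before pam_unix")
        else {
            if (minlen < want + 0) bad("minlen=" minlen " is below " want)
            for (i = 1; i <= n; i++)
                if (credit[names[i]] > 0) bad(names[i] " > 0 allows passwords shorter than minlen")
        }
        if (!unix_seen) bad("no pam_unix entry")
        else {
            if (!authtok) bad("pam_unix lacks use_authtok")
            if (!nis) bad("pam_unix lacks nis, so it will not update the NIS map")
        }
        exit (fails > 0)
    }' "$1"
}

# Constructed sample of a weak stack, fed on stdin.
printf "%s\n" \
    "password requisite pam_cracklib.so retry=3 minlen=6" \
    "password [success=1 default=ignore] pam_unix.so nis" |
    check_pam_minlen - 9 || echo "password stack does not enforce the policy"
```

Because this check is client-side, it has to pass on every NIS client as well as the master; a host that still lets users run yppasswd directly bypasses the stack entirely.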