Environment:
Red Hat Enterprise Linux Server release 6.9 (Santiago)
LDAP provided by Oracle Directory Server running on Solaris
How do I turn off the automatic change password prompt when a user logs in with an expired password? I want the login to fail with a message that the password is expired.
It would be nice to add a message to contact our help desk also.
Currently, when a user's password is found to have expired, the system runs a password reset program, but that does not work on our system because of our LDAP server.
I have tried changing chpass_provider = ldap to chpass_provider = none in the sssd.conf file [domain] section. But that did not work for me.
Any pointers greatly appreciated.
Best Answer
I think the easiest way is to set the account to expire as well as the password. If they occur on the same day then the user will still get the warning and be able to change their password before it expires, but once it does expire they will not be able to log in and/or change their password.
This command will list expiration properties about the user:
You are also able to set properties with the chage command.
As for newly created users, you can modify /etc/default/useradd and set the EXPIRE= value, which will set when the account expires for users created with useradd.
As far as alerting IT, you could probably pretty easily iterate through the users and run the chage command to see if their account is locked/expired, and generate an email.
This has some info: https://www.techrepublic.com/article/how-to-manage-linux-password-expiry-with-the-chage-command/
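The iterate-and-check idea from the answer above, as an added example that is not part of the original answer: it classifies each account from its chage -l output. It covers local accounts only, since chage reads /etc/shadow; the function names chage_status and scan_local_users are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original answer). Local accounts only:
# chage reads its aging data from /etc/shadow.
# Classify one account. stdin: output of `LC_ALL=C chage -l USER`.
# $1: today as YYYYMMDD. Prints account-expired, password-expired or ok.
chage_status() {
    awk -v today="$1" '
        function val(line) {    # text after the first colon, trimmed
            sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
            return line
        }
        # "Apr 01, 2024" -> 20240401; 0 for "never" or anything else.
        function ymd(s,   p, m) {
            gsub(/,/, "", s)
            if (split(s, p, " ") != 3 || length(p[1]) != 3) return 0
            m = index("JanFebMarAprMayJunJulAugSepOctNovDec", p[1])
            if (m == 0 || (m - 1) % 3 != 0) return 0
            return sprintf("%04d%02d%02d", p[3], (m + 2) / 3, p[2]) + 0
        }
        /^Account expires[ \t]*:/  { acct = ymd(val($0)) }
        /^Password expires[ \t]*:/ {
            v = val($0)
            if (v == "password must be changed") must = 1; else pw = ymd(v)
        }
        END {
            today += 0
            # An expiry date that is today or earlier counts as expired.
            if (acct && acct <= today)            print "account-expired"
            else if (must || (pw && pw <= today)) print "password-expired"
            else                                  print "ok"
        }'
}

# Print "user<TAB>status" for every non-ok entry in /etc/passwd.
# Needs root: chage -l on another user reads /etc/shadow.
scan_local_users() {
    today=$(date +%Y%m%d)
    cut -d: -f1 /etc/passwd | while read -r user; do
        status=$(LC_ALL=C chage -l "$user" 2>/dev/null | chage_status "$today")
        [ "$status" = ok ] || printf '%s\t%s\n' "$user" "$status"
    done
}

# Constructed sample of chage -l output (not from a real system).
SAMPLE='Password expires        : Apr 01, 2024
Password inactive       : never
Account expires         : Apr 01, 2024'
case "${1:-}" in
    --scan) scan_local_users ;;
    *)      printf '%s\n' "$SAMPLE" | chage_status 20240401 ;;
esac
```

Run with --scan as root to list affected accounts; the output can be piped to whatever mailer the site uses for help desk notifications.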