Results 1 to 4 of 4

Thread: Change password policy - impact on legacy passwords?

  1. #1
    adamthehutt is offline Member
    Join Date
    Aug 2008
    Posts
    10
    Rep Power
    6

    Default Change password policy - impact on legacy passwords?

    Hi,

    We're going to change our password policy to impose some new restrictions (e.g., X number of capital letters, etc.) For users whose current passwords are in compliance, I don't want to make them create new passwords. For users who have non-compliant passwords, though, I'd like to force a password change. Is this possible?

    Thanks.

  2. #2
    czguy is offline Senior Member
    Join Date
    Jan 2014
    Posts
    69
    Rep Power
    1

    Default

    Check this out, it may prove useful: [SOLVED] Force password change for ALL accounts

  3. #3
    adamthehutt is offline Member
    Join Date
    Aug 2008
    Posts
    10
    Rep Power
    6

    Default

    Quote Originally Posted by czguy View Post
    Check this out, it may prove useful: [SOLVED] Force password change for ALL accounts
    Thanks, but it seems like that would require all users to change their passwords, even if they were already compatible with the new policy. I'd like to let those users keep their passwords and only force a change for those who are non-compliant.

  4. #4
    czguy is offline Senior Member
    Join Date
    Jan 2014
    Posts
    69
    Rep Power
    1

    Default

    Understood. There's no way that I know of to display the user's password in clear text via zmprov otherwise I'd say get a list of users who don't match the new policy, then use zmprov in a script to force the password change for all those users. I believe the password is stored in a hash so you'd have to figure out a way to retrieve it. You can pull the hash by running zmprov -l ga user@domain.com userPassword.

    If I were in your situation I would do the following.

    1.) Announce your policy change and a date in which it will be implemented/enforced
    2.) Run a force change password for all users
    3.) Set an appropriate aging policy

    I'd rather inconvenience compliant users by doing this once than to risk a single account being subjected to a dictionary or brute force attack.

    Security > Obscurity

    Just my .02c

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. COS Password Policy - Maximum Password Age question
    By Brianw in forum Administrators
    Replies: 1
    Last Post: 08-14-2013, 02:22 AM
  2. Bulk Password Policy
    By jcmanous in forum Administrators
    Replies: 1
    Last Post: 03-05-2009, 09:03 AM
  3. Replies: 5
    Last Post: 11-28-2008, 09:26 AM
  4. password policy
    By hvle in forum Administrators
    Replies: 0
    Last Post: 01-14-2008, 11:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •