[OpenAFS] Password expiration in UNIX

aeneous@speakeasy.org aeneous@speakeasy.org
Tue, 08 May 2001 21:56:42 -0400


> I assume you want to implement some way to remind user about tokens 
> expiration, let's say, by e-mail.
> 
> AFS utility 'tokens' prints, among other information, tokens expiration 
> date. There may be better utility to obtain this info, but 'tokens' is 
> good enough.
> 
> Just execute 'tokens' with some reasonable interval (from cron), parse 
> output and perform any actions you find appropriate.

I am afraid you misunderstood.  Norm is using the "password aging" functions 
in the kaserver.  However, I believe your general approach would still work, 
if Norm were to use "kas examine" instead.  Personally, I'm not a big fan of 
forcing maximally inconvenient password changing.  One should encourage users 
to put more thought into password selection than is really likely under the 
gun of the "change password now" system.