We recently upgraded CMS from V14 to V17. Ever since the upgrade I have been unable to successfully reset a users password with the "passwd -d XXXX" command. I was however able to successfully use the passwd -f XXXX command but the user wasn't being forced to enter a new password. Normally with the -d command I would instruct the client not to enter a password and the system would prompt them to enter a new one. Its not working. Any ideas?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Resetting Passwords 2
- Thread starter prflash
- Start date
AvayaTier3
Technical User
Is the new CMS linux or solaris
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
-
1
- #3
AvayaTier3
Technical User
chage -d 0 login_name
Makes login_name change pw at next login
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
Makes login_name change pw at next login
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
- Thread starter
- #4
-
1
- #5
AvayaTier3
Technical User
man chage
CHAGE(1) CHAGE(1)
NAME
chage - change user password expiry information
SYNOPSIS
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive]
[-E expiredate] [-W warndays] user
chage -l user
DESCRIPTION
chage changes the number of days between password changes and the date
of the last password change. This information is used by the system
to determine when a user must change her password. The chage command
is restricted to the root user, except for the -l option, which may be
used by an unprivileged user to determine when her password or account
is due to expire.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
CHAGE(1) CHAGE(1)
NAME
chage - change user password expiry information
SYNOPSIS
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive]
[-E expiredate] [-W warndays] user
chage -l user
DESCRIPTION
chage changes the number of days between password changes and the date
of the last password change. This information is used by the system
to determine when a user must change her password. The chage command
is restricted to the root user, except for the -l option, which may be
used by an unprivileged user to determine when her password or account
is due to expire.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
I believe the newer version of Linux that comes with the CMS 17 install doesn't support blank passwords anymore.
You have to use the command:
passwd (username)
and manually set a password.
We'll use a "temporary" password like cms12345
then do the command:
passwd -f (username)
and they will have to change it when they log in with the temporary password.
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
You have to use the command:
passwd (username)
and manually set a password.
We'll use a "temporary" password like cms12345
then do the command:
passwd -f (username)
and they will have to change it when they log in with the temporary password.
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
- Thread starter
- #7
Tried that still same result. I used the command passwd XXXXXX and it did prompt me to enter a new password for that user. Then I typed the passwd -f XXXXX and it still asked me to enter a new password. Passwd -d XXXX will remove the password but when the user tries to login without a password by entering the login and then leaving the password field blank and clicking OK the app is still not prompting us to enter a new password.
You're saying that when you use the "passwd -f xxxxxx" it's prompting you to enter the new password for the user?
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
- Thread starter
- #9
Here are all the commands I have used with the response from Linux
[root@r3onfs cms]# passwd -f prflash
Changing password for user prflash.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@r3onfs cms]# passwd -d prflash
Removing password for user prflash.
passwd: Success
[root@r3onfs cms]# passwd prflash
Changing password for user prflash.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@r3onfs cms]#
[root@r3onfs cms]# passwd -f prflash
Changing password for user prflash.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@r3onfs cms]# passwd -d prflash
Removing password for user prflash.
passwd: Success
[root@r3onfs cms]# passwd prflash
Changing password for user prflash.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@r3onfs cms]#
AvayaTier3
Technical User
Did you try this linux command?
chage -d 0 prflash
Makes prflash change pw at next login
You can also manally change the /etc/shadow file if you have root access.
/etc/shadow after setting new password
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:16169:0:99999:7:::
^
No. of days to January 1st, 1970
when password last changed
cracker4 :root: [2334]-> chage -d 0 ksh
/etc/shadow after chage -d 0 bsh command
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:0:0:99999:7:::
^
Makes you change pw next time you login
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
chage -d 0 prflash
Makes prflash change pw at next login
You can also manally change the /etc/shadow file if you have root access.
/etc/shadow after setting new password
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:16169:0:99999:7:::
^
No. of days to January 1st, 1970
when password last changed
cracker4 :root: [2334]-> chage -d 0 ksh
/etc/shadow after chage -d 0 bsh command
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:0:0:99999:7:::
^
Makes you change pw next time you login
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
I know this doesn't resolve your issue, but a lot of the passwords you were trying were not valid.
In R17 passwords are denied if:
[ul]
[li]does not contain at least one upper case character [/li]
[li]does not contain at least numeric character [/li]
[li]is a rotated version of the old password [/li]
[li]is a change in case of the old password [/li]
[li]is similar to the old password [/li]
(e.g. over half of the characters are the same)
[li]is simple [/li]
[li]is a palindrome [/li]
[li]is part of a dictionary word. The default dictionary is located in /usr/share/dict/words and contains almost 500,000 words. [/li]
[li]is a repeat of the previous password(s) [/li]
[li]has too many consecutive characters [/li]
[li]contains the username in some form [/li]
[/ul]
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
AvayaTier3
Technical User
Code:
/etc/shadow after setting new password
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:16169:0:99999:7:::
^
No. of days to January 1st, 1970
when password last changed
cracker4 :root: [2334]-> chage -d 0 ksh
/etc/shadow after chage command
bsh:$1$k0QatYbU$q4IrwsJNxXZDWJZ2LhU1u0:0:0:99999:7:::
^
Makes you change pw next time you loginA great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
AvayaTier3
Technical User
Stinney
I don't have R17 cms box.
I am told after providing the command, that this works. I cannot verify personally. Do you have R17 cms box?
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
I don't have R17 cms box.
I am told after providing the command, that this works. I cannot verify personally. Do you have R17 cms box?
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
I have an R16 with password aging so I can't test either.
I'm just assuming that because the command resets the number of days that the password has been active that password aging would have to be active for it to work, that's all.
There seem to be several issues with password resets with R17 according to Avaya documentation. There is a PSN out there with a patch and client upgrade that is recommended to resolve password reset issues:
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
I'm just assuming that because the command resets the number of days that the password has been active that password aging would have to be active for it to work, that's all.
There seem to be several issues with password resets with R17 according to Avaya documentation. There is a PSN out there with a patch and client upgrade that is recommended to resolve password reset issues:
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
- Thread starter
- #17
Here's an article that also discusses the blank password change:
Another regarding access through web client with R17:
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
Another regarding access through web client with R17:
- Stinney
"Scire ubi aliquid invenire possis, ea demum maxima pars eruditionis est"
"To know where to find anything is, after all, the greatest part of education"
- Status
Similar threads
- Locked
- Question