Path: utzoo!news-server.csri.toronto.edu!rutgers!usenet!ogicse!emory!att!linac!midway!ellis.uchicago.edu!swsh
From: swsh@ellis.uchicago.edu (Janet M. Swisher)
Newsgroups: comp.unix.questions
Subject: Re: password aging
Message-ID: <1991Mar13.222436.19819@midway.uchicago.edu>
Date: 13 Mar 91 22:24:36 GMT
References: <1991Mar11.185411.2414@ssd.kodak.com> <15448@smoke.brl.mil> <731@escom.com>
Sender: swsh@midway.uchicago.edu (Janet M. Swisher)
Distribution: na
Organization: University of Chicago
Lines: 35

On the question of whether there is a built-in mechanism to keep track
of password ages, that could be used to bug users to change passwords
regularly:

I'm not a sysadmin, but it seems this must be possible, given this
finger information I got from a machine at another site (info has been
changed to protect the ignorant).  I believe the machine in question
is a Vax running some variety of BSD Unix.

>%finger user@some.other.site
>[some.other.site]
>Login name: user2                       In real life: John Q. User
>Account Created: 10/01/90               Password Modified: 10/01/90
>Account Expires: 10/01
>Directory: /user/user2
>Never logged in.
>No Plan.
>
>Login name: user1                       In real life: Mary Z. User
>Account Created: 07/20/87               Password Modified: 10/31/89
>Account Expires: 09/20/91
>Directory: /user/user1                	 Shell: /bin/csh
>On since Mar 13 15:03:45 on tty22       48 minutes Idle Time
>No Plan.

Now, why a sysadmin would configure finger to display to the world how
old the passwords are on all the accounts, I don't know.  But it
appears to be possible, so the information must be saved somewhere.



-- 
Janet Swisher			Internet: swsh@midway.uchicago.edu	
University of Chicago		Phone: (312) 702-7608
Academic and Public Computing	P-mail: 1155 E. 60th St. Chicago IL 60637, USA