Hello,

I want to set the expiry date for passwords for all users with one command. As --pwd-must-change-time only works for a single user and policy settings are not applied after a change, I was wondering how to solve this. Is the only way to write a script which runs "pdbedit --pwd-must-change-time..." for every user?

greets
Jimmy

-- 
Andreas "Jimmy" Gredler
http://www.jimmy.co.at/ | jimmy@g-tec.co.at
grml.org - Linux Live-CD for texttool-users and sysadmins
http://www.grml.org/ | jimmy@grml.org
On Wednesday, 06.06.2007 at 12:50 +0200, Andreas Gredler wrote:

> I want to set the expiry date for passwords for all users with one
> command. As --pwd-must-change-time only works for a single user and
> policy settings are not applied after a change, I was wondering how to
> solve this. Is the only way to write a script which runs "pdbedit
> --pwd-must-change-time..." for every user?

Depending on your password backend, it may be easier to attack *that* instead? It would be fairly straightforward for LDAP, for example.

Dave.

-- 
Dave Ewart davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016
Gerald (Jerry) Carter
2007-Jun-06 13:41 UTC
[Samba] Change password expiry date for ALL users?
Dave Ewart wrote:

> On Wednesday, 06.06.2007 at 12:50 +0200, Andreas Gredler wrote:
>
>> I want to set the expiry date for passwords for all users with one
>> command. As --pwd-must-change-time only works for a single user and
>> policy settings are not applied after a change, I was wondering how to
>> solve this. Is the only way to write a script which runs "pdbedit
>> --pwd-must-change-time..." for every user?
>
> Depending on your password backend, it may be
> easier to attack *that* instead? It would be fairly
> straightforward for LDAP, for example.

Samba 3.0.25 generates the must change time based on the policy setting, so you only need to change the policy to, for example, "one day".

jerry
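
The two routes discussed in this thread (a per-user pdbedit loop and a single account-policy change), as an added dry-run example that is not code from any of the posters. The sample listing, the function names, and the assumptions that the timestamp is read as epoch seconds and the policy value as seconds are mine; check pdbedit(8) for your Samba version.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints commands, changes nothing.
# Assumes `pdbedit -L` short listing lines of the form "username:uid:full name".

# Constructed sample listing (hypothetical accounts).
sample_listing() {
cat <<'EOF'
alice:1001:Alice Example
bob:1002:Bob Example
WS01$:2001:
root:0:root
EOF
}

# gen_expiry_cmds EPOCH: read a listing on stdin, print one command per user.
# Assumption: without --time-format the value is read as Unix epoch seconds.
gen_expiry_cmds() {
    when=$1
    case $when in
        ''|*[!0-9]*) echo "expiry must be epoch seconds" >&2; return 2 ;;
    esac
    while IFS=: read -r user _uid _rest; do
        case $user in
            ''|*'$') continue ;;   # blank line or machine trust account
            *[!A-Za-z0-9._-]*)     # refuse names unsafe to paste into a shell
                echo "skipping unexpected name: $user" >&2; continue ;;
        esac
        printf 'pdbedit --user=%s --pwd-must-change-time=%s\n' "$user" "$when"
    done
}

# policy_cmd DAYS: the single policy change suggested in the last reply.
# Assumption: the "maximum password age" policy value is given in seconds.
policy_cmd() {
    days=$1
    case $days in
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac
    printf 'pdbedit -P "maximum password age" -C %s\n' "$((days * 86400))"
}

# Review the output before running any of it as root.
sample_listing | gen_expiry_cmds 1181174400
policy_cmd 1
```

On a real server, replace `sample_listing` with `pdbedit -L` and inspect the generated lines before executing them.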