[Cialug] Sarbanes-Oxley related issues

Jerry Weida jweida at gmail.com
Fri Aug 19 09:01:43 CDT 2005


I don't know about Linux, but on Solaris you can do a passwd -f <user> in 
order to force their password to expire, making them have to change it on 
next login.

As far as disabling accounts after 30 days of non-use, I know of no automated 
way of doing this.
Perhaps you can set the passwords to expire every 25 days and then your 
ability to disable the account after 5 days of the password being expired 
will put you within compliance.

Our systems do not have users on them except for the Sys Admins. They are 
all application servers and we aren't really concerned with this type of 
stuff. We just kill someone's account once they leave the company (the user 
database is only about 10 users!)

On 8/18/05, Barry Von Ahsen <barry at vonahsen.com> wrote:
> 
> Yea for government mandated busywork!
> 
> I've gotten nearly everything done except two (pam can do a lot, I'm not
> surprised, but I'd never needed to check):
> 
> User must change password on initial login - I could write a script to
> set chage to 1 if they haven't logged in, and to $max_pass_age after,
> but is there a better way?
> 
> and
> 
> Disable user accounts after 30 days idle - I have chage -m 0 -M 65 -I 5
> <user> which will disable an account 5 days after the password expires,
> which is close enough for me, but probably not for the SEC
> 
> anybody else gone through this joy?
> 
> -barry
> 
>
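
An added example, not part of either message in this thread: a dry-run sketch of the idle-account check discussed above, which reports accounts whose last login is older than a threshold and prints (never runs) a disable command for each. The input format "user uid last_login_epoch", the function names and the sample records are assumptions made for this sketch; how the records are collected from a system's login history is left to the administrator.

```shell
#!/bin/sh
# Added example: dry-run finder for accounts idle longer than a threshold.
# Input format (an assumption for this sketch): "user uid last_login_epoch",
# one account per line; epoch 0 means the account has never logged in.

# idle_accounts NOW_EPOCH MAX_IDLE_DAYS [MIN_UID]
# Reads account records on stdin and prints "user days_idle" for each
# account with uid >= MIN_UID that has logged in at least once and has
# been idle for more than MAX_IDLE_DAYS.
idle_accounts() {
    awk -v now="$1" -v max="$2" -v min_uid="${3:-1000}" '
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }  # malformed
        $2 < min_uid { next }   # leave system and service accounts alone
        $3 == 0      { next }   # never logged in: a separate policy question
        {
            idle = int((now - $3) / 86400)
            if (idle > max) print $1, idle
        }'
}

# lock_commands: turn "user days_idle" lines into disable commands.
# The commands are only printed, so the list can be reviewed first.
lock_commands() {
    while read -r user idle; do
        printf 'usermod --expiredate 1 %s  # idle %s days\n' "$user" "$idle"
    done
}

# Constructed sample records; "now" is fixed at 2005-08-19 00:00:00 UTC.
NOW=1124409600
SAMPLE='root 0 1124323200
alice 1000 1124323200
bob 1001 1121731200
carol 1002 0
dave 1003 1121817600'

printf '%s\n' "$SAMPLE" | idle_accounts "$NOW" 30 | lock_commands
```

With the sample records only bob (31 days idle) is listed; dave sits at exactly 30 days and carol has never logged in, so neither is reported.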