Pierangelo Masarati skrev, on 16-01-2008 15:18:
[...]
Another approach could be to inform users via e-mail.
But what if users don't read emails until password expiration?
Hehe ... at my Amsterdam high school (supposedly populated by way-above-average IQ kids and teachers) site I run OL ppolicy. Passwords en masse are coming up for renewal in February.
I have about 100 Dutch/immigrant kids out of about 800 who never read their mail and nothing on earth will ever make them. I have around 80 teachers and 30 staff who can be forced to read their mail. I have a super system whereby everyone can send a VERP mail to himself and get back 6 password suggestions that pass the stringency test (very strict). But what's the good if they don't ever read their mail, their mail quotas are exceeded or whatever?
At the moment the Linux/Samba login screens tell them to contact "their administrator". Supposing we're all 3 of us administrators sick or dead or something?
I had thought about writing a shell (Perl's not necessary, I already do half of this in shell) script that looks at whether they've read their mail or not for the last week or so and if they haven't, refuse them any further authentication. But I haven't got that far yet.
--Tonni