password aging

[Janet M. Swisher]

On the question of whether there is a built-in mechanism to keep track
of password ages, that could be used to bug users to change passwords
regularly:

I'm not a sysadmin, but it seems this must be possible, given this
finger information I got from a machine at another site (info has been
changed to protect the ignorant).  I believe the machine in question
is a Vax running some variety of BSD Unix.

>%finger user at some.other.site
>[some.other.site]
>Login name: user2                       In real life: John Q. User
>Account Created: 10/01/90               Password Modified: 10/01/90
>Account Expires: 10/01
>Directory: /user/user2
>Never logged in.
>No Plan.
>
>Login name: user1                       In real life: Mary Z. User
>Account Created: 07/20/87               Password Modified: 10/31/89
>Account Expires: 09/20/91
>Directory: /user/user1                	 Shell: /bin/csh
>On since Mar 13 15:03:45 on tty22       48 minutes Idle Time
>No Plan.

Now, why a sysadmin would configure finger to display to the world how
old the passwords are on all the accounts, I don't know.  But it
appears to be possible, so the information must be saved somewhere.



-- 
Janet Swisher			Internet: swsh at midway.uchicago.edu	
University of Chicago		Phone: (312) 702-7608
Academic and Public Computing	P-mail: 1155 E. 60th St. Chicago IL 60637, USA