Re: Debian for kids
On Wed, 2 Feb 2000, Ethan Benson wrote:
> that could get annoying for the other users who would find there
> passwds unchanged every day as well. a better option would be adding:
>
> auth requisite pam_listfile.so item=user sense=deny \
> file=/etc/deny.passwd onerr=succeed
>
> to the begining /etc/pam.d/passwd, and add any users who can't seem to
> use passwd command right to /etc/deny.passwd (or whatever). multiuser
> compatible!
Cool. Slicker than my group-based solution. Of course, I didn't
have pam back then :)
> though i would agree with the previous poster, changing then
> forgetting passwords is a good lesson (teach you to memorize first,
> change second), probably better then teaching them to never change
> their password ;-)
The problem is with very young kids who don't pick up on this. They
randomly type commands, and then randomly up-arrow to old commands to try
them again. I think it is the thrill of breaking the system that draws
them back again and again. As your kids mature and are ready to change
passwords responsibly, you can remove them from the deny.passwd. I
particularly like this approach because not *all* my kids were in the
habit of doing this, and each one was at a different stage of development
& maturity. Some of them were responsible about their passwords and some
just weren't "getting it" no matter how many times it was reinforced.
Some policies I implement will apply to all kids, but this one is a good
example of one that needs to be dealt with on a kid-by-kid basis for the
purpose of preserving the sanity of the sys admins until the kid learns :)
Ben
--
nSLUG http://www.nslug.ns.ca synrg@sanctuary.nslug.ns.ca
Debian http://www.debian.org synrg@debian.org
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]
Reply to: