Theparanoidone Theparanoidone wrote:
Password change is not part of RADIUS.
I am new to radius, and although it is now clear that "expired passwords == user is blocked until they can authenticate from some other computer" ... I'm just surprised.
RADIUS is a protocol which controls network access. If the users password has expired, it means that it is no longer valid for network access. Any other interpretation results in "password expiry" losing all meaning.
I guess an alternate method is to implement login scripts to check if a users password expiration is approaching, and if so... prompt the user to update it before it expires (via, email, popup, whatever).
Or, have the user call IT, and reset the password.
Is that what the rest of radius users do / a best practice?
They don't use password expiry, *or* they require users to reset their password before it expires.
Thanks for all your help... all and all, freeradius is awesome.
Thanks. Alan DeKok.