Password Policy - Expired Password - mschap

Alan DeKok aland at deployingradius.com
Fri Aug 13 04:10:40 CEST 2010


Theparanoidone Theparanoidone wrote:
>>>>>  Password change is not part of RADIUS.
> 
> I am new to radius, and although it is now clear that "expired passwords == user 
> is blocked until they can authenticate from some other computer" ... I'm just 
> surprised.

  RADIUS is a protocol which controls network access.  If the user's
password has expired, it means that it is no longer valid for network
access.  Any other interpretation results in "password expiry" losing
all meaning.

> I guess an alternate method is to implement login scripts to check if a user's 
> password expiration is approaching, and if so... prompt the user to update it 
> before it expires (via email, popup, whatever).

  Or, have the user call IT, and reset the password.

> Is that what the rest of radius users do / a best practice?

  They don't use password expiry, *or* they require users to reset their
password before it expires.

> Thanks for all your help... all in all, freeradius is awesome.

  Thanks.

  Alan DeKok.


