Password change after expire with Cisco ASA to local FR user DB (text file) Not Working

Phil Mayers p.mayers at imperial.ac.uk
Thu Feb 9 10:47:12 CET 2012


On 02/09/2012 02:18 AM, Fajar A. Nugraha wrote:
> On Thu, Feb 9, 2012 at 7:49 AM, Will Richmond <will at bootit.com>
> wrote:

>> Does there exist an "xlat:" that NT-hashes new cleartext password,
>> deletes the change pass xtrl attribute in users file and then
>> writes the new pass there? or am I going about this the wrong way?
>
> It's hard for you because you're using file. Your only option would
> be to use either rlm_perl or rlm_exec, and write your own program to
> update your text file.

Spot on. I tested with SQL when I built it. You can certainly make it
work with files, but you'll need to handle modifying the file in an
external script yourself. Watch out carefully for locking issues, and be
sure to use an atomic rename() call to swap the new file back into place.
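
The locking and atomic rename() advice above, as an added example that is not part of the original post and is not FreeRADIUS code. It assumes each entry's first line has the form `<user> NT-Password := "<hex>"`, that the NT hash is computed by the caller, and that every writer honours the hypothetical `<users file>.lock` sidecar file; the function name is also an assumption.

```python
import fcntl
import os
import re
import tempfile

def set_nt_password(users_path, user, nt_hash_hex):
    """Replace the NT-Password value for `user`; return True if a line changed."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", nt_hash_hex):
        raise ValueError("NT hash must be 32 hex characters")
    directory = os.path.dirname(os.path.abspath(users_path))
    # Assumed entry layout:  <user> NT-Password := "<hex>"
    pattern = re.compile(
        r'^(%s\s+NT-Password\s*:=\s*")[0-9A-Fa-f]*(")' % re.escape(user))
    # Lock a sidecar file, not the users file itself: rename() swaps in a new
    # inode, so a lock taken on the old file would not exclude the next writer.
    with open(users_path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # released when the file is closed
        with open(users_path) as src:
            lines = src.readlines()
        changed = False
        for i, line in enumerate(lines):
            new_line, count = pattern.subn(
                lambda m: m.group(1) + nt_hash_hex + m.group(2), line)
            if count:
                lines[i] = new_line
                changed = True
        if not changed:
            return False
        # The temp file lives in the same directory, so the rename stays on one
        # filesystem and readers see either the old file or the complete new one.
        fd, tmp = tempfile.mkstemp(dir=directory, prefix=".users.")
        try:
            with os.fdopen(fd, "w") as dst:
                dst.writelines(lines)
                dst.flush()
                os.fsync(dst.fileno())  # data on disk before it becomes visible
            # mkstemp creates 0600; restore the original permission bits.
            # Ownership is not copied here and must still suit the server.
            os.chmod(tmp, os.stat(users_path).st_mode & 0o777)
            os.replace(tmp, users_path)  # atomic rename() on POSIX
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise
    return True
```

The files module reads the users file at startup, so the server still needs a reload before the new hash takes effect.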


