Hi, Some people have asked about the option on linux that they have found useful on NT: force users to change their password upon their first login. I implemented this feature as a pam_firstlog module. The same behavior, implemented by the module, can be achieved playing with /etc/shadow. In particular, playing at the same time with its 3rd and 5th field. However, how these fields should be modified depends on the default policy. Also there seems to be no command line tool to modify the 3rd field. So, it seems to me better to separate the pw change policies for first and for subsequent logins. Also, not everybody uses shadow utils. The module has got some testing, but only under linux. I copied a cascade of #ifdef macros about architecture-dependent features from A.M.-s pam_lastlog.c so I hope it should work on other systems as well. Great if you give it some testing and tell what you think. URL: http://cens.ioc.ee/~kongas/firstlog.tar.gz Best, Olav
