[Fedora] Change Password Banner

May 30, 2011

Dear *,

Last week, I had a technical question regarding the passwd command. The question was about how to insert a banner or warning message when a user want or have to change his password.

One of the solutions is to create a file /etc/motd_passwd_warning with your warning. Here “HELLO”.

[root@localhost ~]# cat /etc/motd_passwd_warning
HELLO

Then to change the /etc/pam.d/passwd in adding the following line :
password optional pam_echo.so file=/etc/motd_passwd_warning

[root@localhost ~]# cat /etc/pam.d/passwd
#%PAM-1.0
auth include system-auth
account include system-auth
password optional pam_echo.so file=/etc/motd_passwd_warning
password substack system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin

And that is all.

Here is the result :

[root@localhost ~]# passwd
Changing password for user root.
HELLO
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully

Rem : Following a comment from Daniel Walsh – see below -, I changed a little bit this article from its original publication.
Thanks to Daniel for his feedback.

BR
Frederic🙂

BR

2 Responses to “[Fedora] Change Password Banner”

  1. Daniel Walsh said

    I would suggest you change your example to some place other then /tmp, since a user would be able to muck with this, if someone took you example literally.

    rm /tmp/hello.txt
    ln -s /etc/shadow /tmp/hello.txt
    passwd

    Not what a user would want.

    Better example would be

    password optional pam_echo.so file=/etc/hello.txt

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: