I am dealing with an FTP server and I have implemented password hardening on the server. The thing is that, it applies to SSH connection.
I forcefully expired password of a user so that he can change password at next login. But the user logged in to the server through FTP and he wasn't asked to change his password. In that case user will never ever need to change his\her password and can continue accesing server even after the password is expired.
Is there any way to deal with this.
Can I force user to change password at FTP access?
What FTP server? What system? Is this actually ftp or is it sftp?
It is an RHEL 4 update 4 server and users are accesing the server using file zille or they ftp the server from dos.
You're forcing your clients to use DOS? How do they even get on the network with DOS? Or do you mean Windows CMD?
I don't think you can force clients to change passwords over FTP. File Transfer Protocol is very simple and stupid, and doesn't have facilities to do much except transfer files.
Honestly, I have my doubts that you've succeeded in hardening the password. Windows commandline FTP doesn't support SSL last I check. Microsoft said they included an "ftps.exe" with IIS 7 but either forgot to do so or flat-out lied.
1 Like
Yes you can say wondows CMD... I was looking for some option with FTP. After searching a lot I couldn't find anything useful so thought this forum could help. On SSH connection password hardening is working fine so now I am planning to force users to accesss their data through SSH atleast to change the password for the veryfirst time.
Anyways Thx!! 