Synchronizing Forced Password Changes?

aroobie asks: "I have several different types of servers running at my small office including Windows 2000 Advanced Server, VMS, IRIX, and Linux. My corporate parent wants to force passwords to change every 90 days, which is a good thing, but once a user changes his/her Windows password access to the other servers is denied until I make appropriate changes on the non-Windows servers. Sort of defeats the purpose of changing the password since each users has to give me their new password to make them match on on the servers. Has anyone found a way to synchronize passwords on different systems? Is there software available to do this?"

Re:Password changing is ignorant

[perljon]

Some how, 30 days after you set the password to f$6hq7#, it was compromised. Even though it was a great password, I grabbed the /etc/passwd file and brute forced it, or I sniffed your password when you used telnet instead of ssh, I looked in through a window and a telescope and watched your fingers, I put a keyboard sniffer on your keyboard, I used high-tech equipment to detect the electrical impulses from the key, or I even watched you type it in (after all, it takes a little longer since you are a pecker instead of a typer.) Long story short, I grabbed your password. If you have passwords reset every 90 days, I have only compromised your password for 60 days instead of a year.

The trick is educating your users on how to create good passwords from pass phrases. ie, I like to buy expensive high tech toys becomes IlTbEhTt Now, do some number replacements for for Capital letters, you make the rules, but make your own. I will replace capital I's with 1's and Capital E's with 3's in this example. 1lTb3hTt What we come up with is an easily remembered password because you know the pass phrase and you know the algoryhtm you used to create the password. (took my last sentence, took the first letter, replaced I's with 1's, E's with 3's, o's with 0's.)