Hi, I created an account guest to test password aging. The aging info of this account is following:
> chage -l guest Last password change : Nov 01, 2010 Password expires : Jan 30, 2011 Password inactive : never Account expires : never Minimum number of days between password change : 76 Maximum number of days between password change : 90 Number of days of warning before password expires : 14 However, I'm able to change my password when logged in as guest as many times I want the same day, even if minimum number of days between password change is set to a non-zero value. Does anybody know where the problem can be? I'm using an up-to-date debian lenny (5.0.6 nowadays) and I'm using PAM. The file /etc/pam.d/passwd looks as follows: > cd /etc/pam.d > cat passwd @include common-password > cat common-password password required pam_cracklib.so retry=3 difok=3 minlen=12 lcredit=0 ocredit=2 minclass=3 password required pam_unix.so use_authtok md5 remember=6 The pam_cracklib module works fine and I suposse that password aging info should be checked by pam_unix. However, it doesn't work properly when using passwd from the command line. On the other hand, the maximum number of days between password change works fine and if the user guest logs in after the timeout expires, guest is forced to change his password before login. Can anybody give me a clue where the problem can be? Thanks, Lukas -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4cceeaba.3090...@seznam.cz
