On Mon, 01 Nov 2010 21:35:20 +0000, Wolodja Wentland wrote: > On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
>>> However, I'm able to change my password when logged in as guest as >>> many times I want the same day > >> If someone learns my password on day 2, they have full access to my >> account for 74 days, or I must beg for SysAdmin help? > >> "Minimum number of days" isn't a very bright idea. > > I completely agree¹, but this policy should still be enforced or it has > to be made clear that this setting is deprecated and no longer enforced. +1 for the enforcement. > --- chage manpage --- > -m, --mindays MIN_DAYS (...) > … which is clearly not working in the way it is described. I have not > reproduced this bug myself, but it is exactly that and should therefore > be reported - not by posting to d-d - but rather by executing "reportbug > passwd". I've tried in a lenny box and faced the same behaviour than the OP. Maybe the new policy is to be applied _a day after_ the change or it should be enforced _as soon as_ changed? Is a "passwd" error (not reading/applying "/etc/shadow" mandate) or a "chage" one? :-? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2010.11.02.20.44...@gmail.com
