Camaleón wrote: > On Mon, 01 Nov 2010 21:35:20 +0000, Wolodja Wentland wrote: > >> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote: > >>>> However, I'm able to change my password when logged in as guest as >>>> many times I want the same day >>> If someone learns my password on day 2, they have full access to my >>> account for 74 days, or I must beg for SysAdmin help? >>> "Minimum number of days" isn't a very bright idea. >> I completely agree¹, but this policy should still be enforced or it has >> to be made clear that this setting is deprecated and no longer enforced. > > +1 for the enforcement. > >> --- chage manpage --- >> -m, --mindays MIN_DAYS > > (...) > >> … which is clearly not working in the way it is described. I have not >> reproduced this bug myself, but it is exactly that and should therefore >> be reported - not by posting to d-d - but rather by executing "reportbug >> passwd". > > I've tried in a lenny box and faced the same behaviour than the OP. Maybe > the new policy is to be applied _a day after_ the change or it should be > enforced _as soon as_ changed? Is a "passwd" error (not reading/applying > "/etc/shadow" mandate) or a "chage" one? :-? > > Greetings, >
Even if the discussion to this topic shows that the mindays option of chage might not be very useful in most cases, it doesn't work as it should. I would like to file a new bug report, but I'm not sure against which package. I'm considering either passwd or libpam-modules. I think that I should choose the libpam-modules package, because my passwd command uses PAM and is configured as follows: > cat /etc/pam.d/passwd @include common-password > cat /etc/pam.d/common-password password required pam_cracklib.so retry=3 difok=3 minlen=12 lcredit=0 ocredit=2 minclass=3 password required pam_unix.so use_authtok md5 remember=6 I suppose that the pam_unix.so library/module should check the aging information in /etc/shadow before changing the password in this file. Am I right? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4cd1ba9f.2030...@seznam.cz
