|
6th November 2008
|
|||
|
|||
PAM and passwordtime?
According to my research... nobody seems to care that automatic password expiration is broken in FreeBSD. Notice that even when you set passwordtime in login.conf (and run cap_mkdb of course), you change your password and it doesn't update the expiry time in master.passwd.
Is there some workaround that people are using, or does nobody care?  Thanks! 
|
|
7th November 2008
|
|||
|
|||
|
Check the entry using vipw and see if that says different. I can't find anything in login.conf's man page that indicates this should work. 'passwordtime' is not used by the 'base system', but should be used by passwd.
http://www.freebsd.org/cgi/man.cgi?q...SE&format=html http://www.freebsd.org/cgi/man.cgi?q...SD+7.0-RELEASE
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
|
|
7th November 2008
|
|||
|
|||
|
Actually, it turns out there's a couple of PRs open for this, and they're a couple of years old.
I'm wondering if there's an alternative that people are using?
|
|
7th November 2008
|
|||
|
|||
|
There appears to be a few patches, though they haven't been checked in yet. They are a few years old, so they may or may not work, but you can try them out and see if they work for you:
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/93473 http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/93310 If nothing else, you can try emailing the appropriate parties to get the patches (or a patch) checked in.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident! Last edited by cajunman4life; 7th November 2008 at 01:48 AM.
|
|
10th November 2008
|
|||
|
|||
|
I just tried this on my system and it works. This may be due to the fact I use blowfish for my password format.
The default class from /etc/login.conf Note that only passwd_format and and passwordtime have been changed. Code:
default:\ :passwd_format=blf:\ :passwordtime=60d:\ :copyright=/etc/COPYRIGHT:\ :welcome=/etc/motd:\ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ :datasize=unlimited:\ :stacksize=unlimited:\ :memorylocked=unlimited:\ :memoryuse=unlimited:\ :filesize=unlimited:\ :coredumpsize=unlimited:\ :openfiles=unlimited:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: # cap_mkdb /etc/login.conf% passwdThen, to test the expiration, change the password expiration on your account # pw usermod YOU -p 10-11-2008Logout and then log back in. Hopefully you will be prompted to enter a new password. I am assuming it is my passwd_format selection that allows me to do this. After I ran the above commands, I did see a timestamp in the password field of my user in /etc/master.passwd, and `date -r blah` confirmed it was the same date I set my password expiration to. Last edited by ddekok; 10th November 2008 at 10:46 PM. Reason: Removed reference to pam_passwdqc as I confirmed that had nothing to do with my results
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
