periodic passwd change?
Anton Shterenlikht
mexas at bristol.ac.uk
Wed Dec 13 01:48:13 PST 2006
On Tue, Dec 12, 2006 at 10:20:56PM +0100, Erik Norgaard wrote:
> Anton Shterenlikht wrote:
> >On Fri, Dec 08, 2006 at 09:57:22PM +0100, Erik Norgaard wrote:
> >>Anton Shterenlikht wrote:
> >>> I can't see how to prescribe periodic passwd change,
> >>>only how to set expiry time. At the moment I put the following
> >>>line in the root's crontab:
> >>>
> >>>2 2 2 * * pw usermod shterenl -p "`date '+\%d-\%m-\%Y'`"
> >>>
> >>>This makes a user's passwd expire once a month.
> >>>
> >>>Is there a better way to force users to change their passwds periodically?
> >>You can set it in login.conf, when the password is updated the next
> >>expire is automatically set.
> >
> >I checked login.conf. It seems that passwordtime option has no effect.
> >I did a brief search and found many postings describing the same problem:
> >many options from login.conf have no effect. Perhaps these are the
> >"RESERVED CAPABILITIES" as they are called in the man page. Some people
> >list a patch that supposedly fixes the problem, but I'm not sure if it
> >applies to 6.2-prerelease that I'm running.
> >
> >thanks
> >anton
> did you remember to cap_mkdb after? from the man page:
>
> "Whenever changes to this, or the user's ~/.login_conf, file are made,
> the modifications will not be picked up until cap_mkdb(1) is used to
> compile the file into a database."
>
> Cheers, Erik

yes, I did. Other options, e.g. passwd_prompt from
Authentication category do work, but passwordtime has no effect.
There are plenty of similar accounts I found on the net, e.g.:

www.derkeiler.com/Mailing-Lists/FreeBSD-Security/2003-02/0039.html

"Many login.conf accounting and authentication options broken
Date: Mon, 3 Feb 2003 05:40:48 -0800
From: David Schultz <dschultz at uclink.Berkeley.EDU>
To: security at FreeBSD.ORG

Most of the accounting options in login.conf(5) and many examples
in /etc/login.conf don't seem to work. I can't even find any
evidence of a mechanism to support them. (Perhaps an old-timer
can tell me where one used to exist, if it used to exist.) ..."

thanks
anton
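
The `pw usermod -p` cron job discussed in this thread works by writing the password-change time into the sixth field of master.passwd(5). The script below is an added example, not part of the original thread: it audits that field so an administrator can see which accounts have no password aging or an overdue change. The function names, the sample accounts, hashes and timestamps, and the 30-day limit are assumptions constructed for illustration.

```sh
#!/bin/sh
# master.passwd(5) record layout:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# "change" is the epoch time at which the password must be changed;
# 0 or empty means password aging is off for that account.

# audit_change NOW MAX_DAYS [MIN_UID]   (hypothetical helper; records on stdin)
# Prints "name status" for every non-locked account with uid >= MIN_UID.
audit_change() {
    awk -F: -v now="$1" -v max="$2" -v minuid="${3:-1000}" '
        /^#/ || NF != 10 { next }      # comments and malformed records
        $3 < minuid      { next }      # system accounts
        $2 ~ /^\*/       { next }      # "*" or "*LOCKED*": no password login
        {
            change = $6 + 0
            if (change == 0)                      s = "no-aging"
            else if (change <= now)               s = "must-change-now"
            else if (change - now > max * 86400)  s = "too-far-out"
            else                                  s = "ok"
            print $1, s
        }'
}

# Constructed sample records (not real accounts or hashes).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:$1$x:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$x:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$x:1002:1002::1165000000:0:Bob:/home/bob:/bin/sh
carol:$1$x:1003:1003::1167000000:0:Carol:/home/carol:/bin/sh
dave:$1$x:1004:1004::1200000000:0:Dave:/home/dave:/bin/sh
erin:*LOCKED*$1$x:1005:1005::0:0:Erin:/home/erin:/bin/sh
EOF
}

# Demo run against the sample with a constructed "now" and a 30-day limit.
sample_master_passwd | audit_change 1165968000 30
```

On a live system, run it as root with `audit_change "$(date +%s)" 30 < /etc/master.passwd`.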