http://qa.mandrakesoft.com/show_bug.cgi?id=1629
------- Additional Comments From [EMAIL PROTECTED] 2003-28-07 17:37 ------- One thing to keep in mind with password aging is if you disabled the password aging after you set up the user, the shadow file will still have the setting in it. To disable the aging after you setup your level.local run this command: "chage -M 99999 'username'". That should fix your aging and it will not be re-enabled again by msec. Now I have now idea if msec should do this if you add the entries above to your level.local or not. Bret. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: UNCONFIRMED creation_date: description: I have the following in my /etc/security/msec/level.local : from mseclib import * accept_bogus_error_responses(0) allow_autologin(0) allow_user_list(0) allow_xserver_to_listen(0) enable_at_crontab(0) enable_dns_spoofing_protection(1,1) enable_ip_spoofing_protection(1,1) enable_log_strange_packets(1) enable_msec_cron(1) enable_pam_wheel_for_su(1) enable_promisc_check(1) enable_security_check(1) no_password_aging_for('root') no_password_aging_for('pascal') no_password_aging_for('ivan') password_aging(180, 10) password_history(10) password_length(7) set_shell_timeout(0) set_shell_history_size(-1) But for user root this morning, I received the message that my password will expire in 6 days ! # su - pascal Warning: your password will expire in 6 days [EMAIL PROTECTED] pascal]$ rpm -q msec msec-0.38-2mdk Is level.local still interpreted correctly ? When I run msec I get this in syslog: Feb 13 20:20:51 spirit msec: ### Program is starting ### Feb 13 20:20:51 spirit msec: Reading local rules from /etc/security/msec/level.local Feb 13 20:20:51 spirit msec: Forbidding the X server to listen to tcp connection Feb 13 20:20:51 spirit msec: Allowing chkconfig --add from rpm Feb 13 20:20:51 spirit msec: Setting password maximum aging for new user to 180 Feb 13 20:20:51 spirit msec: Setting password maximum aging for root and users with id greater than 500 to 180 and delay to 10 days Feb 13 20:20:51 spirit msec: User root in password aging exception list Feb 13 20:20:51 spirit msec: User pascal in password aging exception list Feb 13 20:20:51 spirit msec: Allowing reboot to the console user Feb 13 20:20:51 spirit msec: Writing config files and then taking needed actions Feb 13 20:20:52 spirit msec: Fixing owners and permissions of files and directories Feb 13 20:20:52 spirit msec: Reading data from /usr/share/msec/perm.3 Feb 13 20:20:52 spirit msec: Reading data from /etc/security/msec/perm.local But still warning at login of pascal that my password will expire in 6 days. my shadow is : # grep pascal /etc/shadow pascal:xxxxxxxxxxxx:12042:0:60:7:30:: # grep root /etc/shadow root:xxxxxxxxxxxx:12042:0:60:7:30::
