Your message dated Thu, 14 Jul 2011 15:47:20 +0200
with message-id <20110714134720.GA329@nicolas>
and subject line Re: Bug#602430: minimum number of days between password change
doesn't have effect
has caused the Debian Bug report #602430,
regarding minimum number of days between password change doesn't have effect
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
602430: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602430
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: passwd
Version: 1:4.1.1-6+lenny1
Hi,
I created an account guest to test password aging.
The aging info of this account is following:
> chage -l guest
Last password change : Nov 01, 2010
Password expires : Jan 30, 2011
Password inactive : never
Account expires : never
Minimum number of days between password change : 76
Maximum number of days between password change : 90
Number of days of warning before password expires : 14
However, I'm able to change my password when logged in as guest
as many times I want the same day, even if minimum number of days
between password change is set to a non-zero value.
I'm using an up-to-date debian lenny (5.0.6 nowadays) and I'm using PAM.
I'm using shadow and md5 passwords.
The file /etc/pam.d/passwd looks as follows:
> cd /etc/pam.d
> cat passwd
@include common-password
> cat common-password
password required pam_cracklib.so retry=3 difok=3 minlen=12
lcredit=0 ocredit=2 minclass=3
password required pam_unix.so use_authtok md5 remember=6
The pam_cracklib module works fine and I suposse that password aging
info should be checked by pam_unix. However, it doesn't work properly
when using passwd from the command line.
On the other hand, the maximum number of days between password change
works fine and if the user guest logs in after the timeout expires,
guest is forced to change his password before login.
Lukas
--- End Message ---
--- Begin Message ---
Hello,
On Thu, Nov 04, 2010 at 08:28:16PM +0100, Lukas Baxa wrote:
>
> I created an account guest to test password aging.
> The aging info of this account is following:
>
> > chage -l guest
> Last password change : Nov 01, 2010
> Password expires : Jan 30, 2011
> Password inactive : never
> Account expires : never
> Minimum number of days between password change : 76
> Maximum number of days between password change : 90
> Number of days of warning before password expires : 14
>
> However, I'm able to change my password when logged in as guest
> as many times I want the same day, even if minimum number of days
> between password change is set to a non-zero value.
I cannot reproduce it at this time.
>From the shadow point of view, I do not see an issue.
Only PAM is doing the enforcement.
It might be that this was fixed in the mean time in PAM.
Please reassign to pam if you need to reopen.
Best Regards,
--
Nekral
--- End Message ---
