>after reading some docs about hardening freebsd installations, I > decided to enforce password expiration after 90days. I've added the > corresponding line to /etc/login.conf and ... after quite some time > (way more than 3 months already!) nothing happens ...
If you want help, you'll have to be more specific. Exactly what changes did you make to login.conf, in what sections? Did you run 'cap_mkdb /etc/login.conf' afterwards? Did you then reset your account passwords and check the sixth colon-delimited field in /etc/master.passwd with 'date -r' for each account changed, to see if the appropriate expiration date was registered? Next time you make a change like this, test it with a short expiration time (a minute or two, say) on a non-critical account to see if works instead of waiting three months to discover that it does not. > Any ideas on how to enforce this? Do I have to manually use pw(1) every 90 > days? No, you shouldn't have to if you use the feature properly. You'll be prompted immediately after login for a new password if your old one has expired. b. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
