I submitted:
https://sourceforge.net/tracker/?func=detail&aid=2730965&group_id=6663&atid=106663
to get the same behavior when a password is changed on 1970 01 01 with
PAM.
Michael, in you patch, is it really needed to raise a warning?
** Bug watch added: SourceForge.net Tracker #2730965
htt
I think the proper place to fix PAM's sp_lstchg handling bug is in PAM.
Nevertheless, it's not urgent and can be left until later. I'd rather
make minimal necessary changes to shadow at this point.
I can't think of anything else besides shadow.
Uploaded, thanks!
--
if system date is set to 01-0
This bug was fixed in the package shadow - 1:4.1.1-6ubuntu4
---
shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
* debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
- If the system clock is set to Jan 01, 1970, and a new user is created
the last change
Here's a revised debdiff that corrects all the issues as well as makes
the change in all parts of shadow (and properly displays the warning).
w.r.t. to pam and the expiration date, maybe we should also properly
disable those fields and have no default set (I have a patch that fixes
that by comment
Trivial comments first: there's a duplicate patch file in the debdiff;
it looks like the patch isn't consistently using the same tab/space
conventions as the original source.
I checked glibc, and it does indeed consistently interpret an empty
sp_lstchg field as -1.
I checked PAM (modules/pam_unix
Here's a potential fix. Here's the changelog
* debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
- If the system clock is set to Jan 01, 1970, and a new user is created
the last changed field gets set to 0, which tells login that the
password is expired an
** Changed in: shadow (Ubuntu)
Status: Confirmed => In Progress
--
if system date is set to 01-01-1970 users are enforced to update their password
https://bugs.launchpad.net/bugs/349504
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubunt
I've been looking into this bug, and the problem comes from how adduser
(which calls useradd) places an account into /etc/shadow. Based on the
default options, here is what a test account from /etc/shadow looks like
test:$6$34MquWg3$Nar6/FMoE6Aj3AgcpNgbPQq.Ww2CowvAWeujm7qt9AdqskPtrLj3we4hYw8JsGSA6
** Changed in: shadow (Ubuntu)
Status: New => Confirmed
** Changed in: shadow (Ubuntu)
Assignee: (unassigned) => Michael Casadevall (mcasadevall)
--
if system date is set to 01-01-1970 users are enforced to update their password
https://bugs.launchpad.net/bugs/349504
You received thi