From: David Schultz
Date: Mon, 3 Feb 2003 05:40:48 -0800
To: security@FreeBSD.ORG
Subject: Many login.conf accounting and authentication options broken
Message-ID: <20030203134047.GA475@HAL9000.homeunix.com>

Most of the accounting options in login.conf(5) and many examples in /etc/login.conf don't seem to work. I can't even find any evidence of a mechanism to support them. (Perhaps an old-timer can tell me where one used to exist, if it used to exist.) Please let me know if I'm missing something here.

Some of these features are useful. For instance, it would be nice if passwd respected passwordtime when updating a password, rather than disabling password expiration whenever a user changes his password.[1] Others, such as autodelete and sessiontime, seem less useful.

Do people have comments on any of the unimplemented items in the following list? I have a good mind to ask that the useless ones be removed from the documentation, and if I have time in the next few weeks I may implement some of the missing functionality.

	minpasswordlen (superseded by pam_passwdqc; needs doc update)
	minpasswordcase (superseded by pam_passwdqc; needs doc update)
	autodelete
	accounted
	bootfull
	daytime
	expireperiod
	graceexpire
	gracetime
	host.accounted
	host.exempt
	idletime
	monthtime
	passwordtime
	refreshtime
	refreshperiod
	sessiontime
	sessionlimit
	ttys.accounted
	ttys.exempt
	warntime
	weektime

[1] Passwordtime works in 4.x, but support was apparently removed accidentally in the PAMification process.
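
An added example, not part of the original message or of FreeBSD: a small audit that reads login.conf(5) text and reports every class that sets a capability from the list in the post, so an administrator can check whether a policy they rely on (password expiry, idle or session limits) is actually enforced on their release. The function names, the simplified parser (no tc= resolution, no escape decoding) and the sample file are assumptions made for illustration.

```python
import re

# Names copied from the list in the post, which reports them as unimplemented.
REPORTED_UNIMPLEMENTED = frozenset("""
minpasswordlen minpasswordcase autodelete accounted bootfull daytime
expireperiod graceexpire gracetime host.accounted host.exempt idletime
monthtime passwordtime refreshtime refreshperiod sessiontime sessionlimit
ttys.accounted ttys.exempt warntime weektime
""".split())

def parse_login_conf(text):
    """Simplified login.conf(5) reader: {class: {capability: value}}.
    Joins backslash continuations, skips '#' lines, ignores tc= and escapes."""
    classes, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        fields = [f.strip() for f in (pending + line).split(":")]
        pending = ""
        caps = classes.setdefault(fields[0].split("|")[0], {})
        for field in filter(None, fields[1:]):
            # name=value, name#number, bare boolean name, or name@ (cancelled)
            m = re.match(r"([^=#@]*)([=#@]?)(.*)", field)
            if m.group(2) == "@":
                caps.pop(m.group(1), None)
            else:
                caps[m.group(1)] = m.group(3) if m.group(2) else True
    return classes

def audit(text):
    """Sorted (class, capability, value) for every flagged setting."""
    return sorted((cls, cap, val)
                  for cls, caps in parse_login_conf(text).items()
                  for cap, val in caps.items() if cap in REPORTED_UNIMPLEMENTED)

SAMPLE = r"""
# constructed sample, not taken from a real system
default:\
    :passwd_format=md5:minpasswordlen=8:passwordtime=90d:\
    :idletime=30m:umask=022:
staff|Staff users:\
    :sessionlimit=2:warntime@:tc=default:
"""

for row in audit(SAMPLE):
    print("%s: %s=%s  (listed as unimplemented in the post)" % row)
```

A hit means only that the setting appears in the post's list; as the footnote says, behaviour differs between releases, so confirm each one on the system in question.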