Date: Wed, 13 Dec 2006 09:45:05 +0000 From: Anton Shterenlikht <mexas@bristol.ac.uk> To: Erik Norgaard <norgaard@locolomo.org> Cc: freebsd-questions@freebsd.org Subject: Re: periodic passwd change? Message-ID: <20061213094505.GA45652@mech-aslap33.men.bris.ac.uk> In-Reply-To: <457F1D38.60202@locolomo.org> References: <20061207142439.GA20896@mech-aslap33.men.bris.ac.uk> <4579D1B2.1060202@locolomo.org> <20061212121526.GA40735@mech-aslap33.men.bris.ac.uk> <457F1D38.60202@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 12, 2006 at 10:20:56PM +0100, Erik Norgaard wrote: > Anton Shterenlikht wrote: > >On Fri, Dec 08, 2006 at 09:57:22PM +0100, Erik Norgaard wrote: > >>Anton Shterenlikht wrote: > >>> I can't see how to prescribe periodic passwd change, > >>>only how to set expiry time. At the moment I put the following > >>>line in the root's crontab: > >>> > >>>2 2 2 * * pw usermod shterenl -p "`date '+\%d-\%m-\%Y'`" > >>> > >>>This makes a user's passwd expire once a month. > >>> > >>>Is there a better way to force users change their passwds periodically? > >>You can set it in login.conf, when the password is updated the next > >>expire is automatically set. > > > >I checked login.conf. It seems that passwordtime option has no effect. > >I did a brief search and found many postings describing the same problem: > >many options from login.conf have no effect. Perhaps these are the > >"RESERVED CAPABILITIES' as they are called in the man page. Some people > >list a patch that supposedly fixes the problem, but I'm not sure if it > >applies to 6.2-prerelease thatI'm running. > > > >thanks > >anton > did you remember to cap_mkdb after? from the man page: > > "Whenever changes to this, or the user's ~/.login_conf, file are made, > the modifications will not be picked up until cap_mkdb(1) is used to > compile the file into a database." > > Cheers, Erik yes, I did. Other options, e.g. passwd_prompt from Authentication category do work, but passwordtime has no effect. There are plenty of similar accounts I found on the net, e.g.: www.derkeiler.com/Mailing-Lists/FreeBSD-Security/2003-02/0039.html "Many login.conf accounting and authentication options broken Date: Mon, 3 Feb 2003 05:40:48 -0800 From: David Schultz <dschultz@uclink.Berkeley.EDU> To: security@FreeBSD.ORG Most of the accounting options in login.conf(5) and many examples in /etc/login.conf don't seem to work. I can't even find any evidence of a mechanism to support them. (Perhaps an old-timer can tell me where one used to exist, if it used to exist.) ..." thanks anton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061213094505.GA45652>