Date: Tue, 13 Jul 2010 15:40:14 -0300 From: Fernan Aguero <fernan.aguero@gmail.com> To: freebsd-questions@freebsd.org Subject: login.conf: passwordtime not enforced? Message-ID: <AANLkTinoqz7rvsvW1eGwuSDpgc0MfRcJuGErumuRozfT@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, after reading some docs about hardening freebsd installations, I decided to enforce password expiration after 90days. I've added the corresponding line to /etc/login.conf and ... after quite some time (way more than 3 months already!) nothing happens ... Just googled around, and noticed this functionality seems to be absent from the base system ... only passwd(1) seems to honor this value, but truth is, when I need to use passwd(1) it's because I want to change the password myself! There is a post that mentions that having blowfish (instead of md5) as a 'passwd_format' works ... http://www.daemonforums.org/showpost.php?s=41d1e0ba423c94357afe805dbe0b2730&p=17826&postcount=5 However, I wonder if it worked for the author of the post, only because he manually set the password expiry date using 'pw usermod [username] -p [date]' Any ideas on how to enforce this? Do I have to manually use pw(1) every 90 days? -- fernan PS: other references to this problem: http://markmail.org/message/f5b5o3vsyo7pcozf http://lists.freebsd.org/pipermail/freebsd-security/2008-September/004934.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinoqz7rvsvW1eGwuSDpgc0MfRcJuGErumuRozfT>