Date: Wed, 14 Jul 2010 01:19:47 +0000 From: "b. f." <bf1783@googlemail.com> To: freebsd-questions@freebsd.org Cc: Fernan Aguero <fernan.aguero@gmail.com> Subject: Re: login.conf: passwordtime not enforced? Message-ID: <AANLkTikuegIq4Pc7zN5pkm40LkkCVW3tazSwtDemNsXy@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
>after reading some docs about hardening freebsd installations, I > decided to enforce password expiration after 90days. I've added the > corresponding line to /etc/login.conf and ... after quite some time > (way more than 3 months already!) nothing happens ... If you want help, you'll have to be more specific. Exactly what changes did you make to login.conf, in what sections? Did you run 'cap_mkdb /etc/login.conf' afterwards? Did you then reset your account passwords and check the sixth colon-delimited field in /etc/master.passwd with 'date -r' for each account changed, to see if the appropriate expiration date was registered? Next time you make a change like this, test it with a short expiration time (a minute or two, say) on a non-critical account to see if works instead of waiting three months to discover that it does not. > Any ideas on how to enforce this? Do I have to manually use pw(1) every 90 days? No, you shouldn't have to if you use the feature properly. You'll be prompted immediately after login for a new password if your old one has expired. b.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikuegIq4Pc7zN5pkm40LkkCVW3tazSwtDemNsXy>