minimum number of days between password change

Lukas Baxa
Wed, 17 Mar 2010 00:52:48 -0700

Hi,

I created an account guest to test password aging.
The aging info of this account is following:

> chage -l guest
Last password change                                    : Mar 16, 2010
Password expires                                        : Jun 14, 2010
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 76
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 14

However, I'm able to change my password when logged in as guest

as many times I want the same day, even if minimum number of daysbetween password change is set to a non-zero value.


Does anybody know where the problem can be? I'm using debian lenny
(installed two month ago or so) and I'm using PAM. The file
/etc/pam.d/passwd looks as follows:

> cd /etc/pam.d
> cat passwd

@include common-password

> cat common-password

password required pam_cracklib.so retry=3 difok=3 minlen=12lcredit=0 ocredit=2 minclass=3

password required         pam_unix.so use_authtok md5 remember=6

The pam_cracklib module works fine and I suposse that password aginginfo should be checked by pam_unix. However, it doesn't work when

using passwd from the command line.

On the other hand, the maximum number of days between password change
works fine and if the user guest logs in after the timeout expires,
guest is forced to change his password before login.

Can anybody give me a clue?

Thanks,

Lukas


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4b9fe960.2070...@seznam.cz

Reply via email to