https://qa.mandrakesoft.com/show_bug.cgi?id=1629

           Product: msec
         Component: msec
           Summary: msec no_password_aging_for('toto') in level.local
                    ineffective
           Version: 0.37-1mdk
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


I have the following in my /etc/security/msec/level.local : 
 
from mseclib import * 
accept_bogus_error_responses(0) 
allow_autologin(0) 
allow_user_list(0) 
allow_xserver_to_listen(0) 
enable_at_crontab(0) 
enable_dns_spoofing_protection(1,1) 
enable_ip_spoofing_protection(1,1) 
enable_log_strange_packets(1) 
enable_msec_cron(1) 
enable_pam_wheel_for_su(1) 
enable_promisc_check(1) 
enable_security_check(1) 
no_password_aging_for('root')  
no_password_aging_for('pascal') 
no_password_aging_for('ivan') 
password_aging(180, 10) 
password_history(10) 
password_length(7) 
set_shell_timeout(0) 
set_shell_history_size(-1) 
 
But for user root this morning, I received the message that 
my password will expire in 6 days ! 
 
# su - pascal 
Warning: your password will expire in 6 days 
[pascal@spirit pascal]$ rpm -q msec 
msec-0.38-2mdk 
 
Is level.local still interpreted correctly ? 
 
When I run msec I get this in syslog: 
Feb 13 20:20:51 spirit msec: ### Program is starting ### 
Feb 13 20:20:51 spirit msec: Reading local rules from 
/etc/security/msec/level.local 
Feb 13 20:20:51 spirit msec: Forbidding the X server to 
listen to tcp connection 
Feb 13 20:20:51 spirit msec: Allowing chkconfig --add 
from rpm 
Feb 13 20:20:51 spirit msec: Setting password maximum 
aging for new user to 180 
Feb 13 20:20:51 spirit msec: Setting password maximum 
aging for root and users with id greater than 500 to 180 
and delay to 10 days 
Feb 13 20:20:51 spirit msec: User root in password aging 
exception list 
Feb 13 20:20:51 spirit msec: User pascal in password aging 
exception list 
Feb 13 20:20:51 spirit msec: Allowing reboot to the 
console user 
Feb 13 20:20:51 spirit msec: Writing config files and then 
taking needed actions 
Feb 13 20:20:52 spirit msec: Fixing owners and 
permissions of files and directories 
Feb 13 20:20:52 spirit msec: Reading data from 
/usr/share/msec/perm.3 
Feb 13 20:20:52 spirit msec: Reading data from 
/etc/security/msec/perm.local 
 
But still warning at login of pascal that my password will 
expire in 6 days. 
 
my shadow is : 
# grep pascal /etc/shadow 
pascal:xxxxxxxxxxxx:12042:0:60:7:30:: 
# grep root /etc/shadow 
root:xxxxxxxxxxxx:12042:0:60:7:30::



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Reply via email to