[osol-discuss] Password MAXWEEKS in Solaris 10

Wed, 15 Nov 2006 03:25:50 -0800

All;

To implement password expiry in Solaris 10, I modified the following entry in /etc/default/passwd;

MAXWEEKS=13

The above works out to be 7 * 13 = 91 days.

However, my customer insist on a strict 90 day expiry. Is there a syntax to use DAYS instead of WEEKS in /etc/default/passwd?

Strangely, the MAN page for passwd list the following statements;

     min             The minimum number of days required  between
                     password changes for name. MINWEEKS is found
                     in /etc/default/passwd and is set to NULL.



     max             The maximum number of days the  password  is
                     valid   for   name.  MAXWEEKS  is  found  in
                     /etc/default/passwd and is set to NULL.

Note the syntax. It says ".... number of days...."

But looking up the source code in open solaris, I get

5 void
    176 turn_on_default_aging(struct spwd *spw)
    177 {
    178 	int minweeks;
    179 	int maxweeks;
    180 	int warnweeks;
    181 
    182 	if (defopen(PWADMIN) != 0) {
    183 		minweeks = MINWEEKS;
    184 		maxweeks = MAXWEEKS;
    185 		warnweeks = WARNWEEKS;
    186 	} else {
    187 		minweeks = def_getuint("MINWEEKS=", MINWEEKS);
    188 		maxweeks = def_getuint("MAXWEEKS=", MAXWEEKS);
    189 		warnweeks = def_getuint("WARNWEEKS=", WARNWEEKS);
    190 		(void) defopen(NULL);
    191 	}
    192 
    193 	/*
    194 	 * The values specified in /etc/default/passwd are interpreted
    195 	 * in a specific way. Special cases are
    196 	 *   MINWEEKS==0 (results in sp_min = -1)
    197 	 *   MAXWEEKS==0 (results in sp_max = default)
    198 	 */
    199 	spw->sp_min = 7 * minweeks;
    200 	if (spw->sp_min <= 0)
    201 		spw->sp_min = -1;
    202 
    203 	spw->sp_max = 7 * maxweeks;
    204 	if (spw->sp_max == 0)
    205 		spw->sp_max = 7 * MAXWEEKS;
    206 	if (spw->sp_max < 0)
    207 		spw->sp_max = -1;
    208 
    209 	spw->sp_warn = 7 * warnweeks;
    210 	if (spw->sp_warn <= 0)
    211 		spw->sp_warn = -1;
    212 }

Sure seems like we can only specify in terms of weeks? Is there a way around this?

Warmest Regards
Steven Sim




Fujitsu Asia Pte. Ltd.
_____________________________________________________

This e-mail is confidential and may also be privileged. If you are not the intended recipient, please notify us immediately. You should not copy or use it for any purpose, nor disclose its contents to any other person.

Opinions, conclusions and other information in this message that do not relate to the official business of my firm shall be understood as neither given nor endorsed by it.




_______________________________________________
opensolaris-discuss mailing list
[email protected]

Reply via email to