
Re: password minimum days problem



On 2006-05-18 14:39:25, prosolutions@gmx.net wrote:
> 
> Here's the issue.  If PASS_MIN_DAYS is set to some value in
> /etc/login.defs, this defines the minimum number of days a user must
> keep the same password.  This is intended to prevent "password cycling".
> "Password cycling" is when a password history is used and the new
> password is required to be different than the N previous ones.  If
> there's no PASS_MIN_DAYS set then the user can immediately cycle through
> N passwords to get their old one back.
> 
> But the problem I'm having is this: when I set PASS_MIN_DAYS to some
> value, it seems that the user account must be deleted and recreated for
> the new setting to take effect.  This is all good and fine, but when I
> initially create the new user, I give them some default password that
> they should have to change right away.  However PASS_MIN_DAYS is
> preventing this from happening.
> 
> So how to have PASS_MIN_DAYS set but to allow/require the new user to
> change his password on the first login?

Write a script which changes the fields in /etc/shadow.

+---[ man 'shadow' ]--------------------------------------------------
| 
| SHADOW(5)                                                SHADOW(5)
| 
| NAME
|        shadow - encrypted password file
| 
| DESCRIPTION
|        shadow  contains  the  encrypted  password  information for
|        user's accounts and optional the  password  aging  informa-
|        tion.  Included is
| 
|             Login name
| 
|             Encrypted password
| 
|             Days since Jan 1, 1970 that password was last changed
| 
|             Days before password may be changed
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              So you should change the 4th field.
| 
|             Days after which password must be changed
| 
|             Days before password is to expire that user is warned
| 
|             Days after password expires that account is disabled
| 
|             Days since Jan 1, 1970 that account is disabled
| 
|             A reserved field
+---------------------------------------------------------------------

Greetings
    Michelle Konzack


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)
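
One way to write the script suggested in the reply, as an added example that is not part of the original message. The function name `reset_aging` and the sample entries are constructed for illustration, and zeroing the third field as well (which shadow(5) defines as "must change at next login") goes one step beyond the reply's fourth-field advice.

```shell
#!/bin/sh
# Added example: works on a shadow(5)-format file given as an argument,
# here a constructed sample rather than the live /etc/shadow.
# On a real system the supported tool does the same with locking:
#   chage -d 0 -m 0 USER

# reset_aging FILE USER
# Prints FILE with USER's entry changed so that
#   field 3 (days since Jan 1, 1970 of last change) = 0 -> change required at next login
#   field 4 (days before password may be changed)   = 0 -> change allowed immediately
# Exit status: 0 = entry rewritten, 1 = user not found, 2 = malformed entry.
reset_aging() {
    awk -F: -v OFS=: -v u="$2" '
        ($1 "") == (u "") {
            # shadow(5) entries have exactly nine colon-separated fields
            if (NF != 9) { bad = 1; exit }
            $3 = 0
            $4 = 0
            found = 1
        }
        { print }
        END {
            if (bad)    exit 2
            if (!found) exit 1
        }
    ' "$1"
}

# Constructed sample: newuser was created with PASS_MIN_DAYS 7 in effect,
# so the fourth field blocks the first-login password change.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:*:13270:0:99999:7:::
newuser:$6$CONSTRUCTED$notarealhash:13286:7:90:7:::
short:*:13286:7
EOF

# Show the rewritten entry; the other lines pass through unchanged.
reset_aging "$SAMPLE" newuser | grep '^newuser:'
```

The function only prints the rewritten file; check its exit status before replacing anything, since a malformed entry stops the output partway.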


