password minimum days problem

To: debian-security@lists.debian.org
Subject: password minimum days problem
From: prosolutions@gmx.net
Date: Thu, 18 May 2006 14:39:25 -0700
Message-id: <[🔎] 20060518213925.GB27442@mini.alaya.net>
Reply-to: prosolutions@gmx.net

Here's the issue.  If PASS_MIN_DAYS is set to some value in
/etc/login.defs, this defines the minimum number of days a user must
keep the same password.  This is intended to prevent "password cycling".
"Password cycling" is when a password history is used and the new
password is required to be different than the N previous ones.  If
there's no PASS_MIN_DAYS set then the user can immediately cycle through
N passwords to get their old one back.

But the problem I'm having is this: when I set PASS_MIN_DAYS to some
value, it seems that the user account must be deleted and recreated for
the new setting to take affect.  This is all good and fine, but when I
initially create the new user, I give them some default password that
they should have to change right away.  However PASS_MIN_DAYS is
preventing this from happening.

So how to have PASS_MIN_DAYS set but to allow/require the new user to
change his password on the first login?

Reply to:

Follow-Ups:
- Re: password minimum days problem
  - From: Michael Stone <mstone@debian.org>
- Re: password minimum days problem
  - From: Michelle Konzack <linux4michelle@freenet.de>

Prev by Date: Re: INFECTED (PORTS: 600)
Next by Date: Re: password minimum days problem
Previous by thread: Re: INFECTED (PORTS: 600)
Next by thread: Re: password minimum days problem
Index(es):
- Date
- Thread