On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote: > On 11/01/2010 11:28 AM, Lukas Baxa wrote: […] >> Minimum number of days between password change : 76 >> Maximum number of days between password change : 90 >> Number of days of warning before password expires : 14 >> However, I'm able to change my password when logged in as guest as >> many times I want the same day > If someone learns my password on day 2, they have full access to my > account for 74 days, or I must beg for SysAdmin help? > "Minimum number of days" isn't a very bright idea. I completely agree¹, but this policy should still be enforced or it has to be made clear that this setting is deprecated and no longer enforced. --- chage manpage --- -m, --mindays MIN_DAYS Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change his/her password at any time. --- snip --- … which is clearly not working in the way it is described. I have not reproduced this bug myself, but it is exactly that and should therefore be reported - not by posting to d-d - but rather by executing "reportbug passwd". Regards Wolodja ¹ There might be use cases though ?-) -- .''`. Wolodja Wentland <firstname.lastname@example.org> : :' : `. `'` 4096R/CAF14EFC `- 081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
Description: Digital signature
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.