Re: minimum number of days between password change
On Mon, 01 Nov 2010 21:35:20 +0000, Wolodja Wentland wrote:
> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
>>> However, I'm able to change my password when logged in as guest as
>>> many times I want the same day
>
>> If someone learns my password on day 2, they have full access to my
>> account for 74 days, or I must beg for SysAdmin help?
>
>> "Minimum number of days" isn't a very bright idea.
>
> I completely agree¹, but this policy should still be enforced or it has
> to be made clear that this setting is deprecated and no longer enforced.
+1 for the enforcement.
> --- chage manpage ---
> -m, --mindays MIN_DAYS
(...)
> … which is clearly not working in the way it is described. I have not
> reproduced this bug myself, but it is exactly that and should therefore
> be reported - not by posting to d-d - but rather by executing "reportbug
> passwd".
I've tried in a lenny box and faced the same behaviour than the OP. Maybe
the new policy is to be applied _a day after_ the change or it should be
enforced _as soon as_ changed? Is a "passwd" error (not reading/applying
"/etc/shadow" mandate) or a "chage" one? :-?
Greetings,
--
Camaleón
Reply to: