On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
> On 11/01/2010 11:28 AM, Lukas Baxa wrote:
[…]
>> Minimum number of days between password change : 76
>> Maximum number of days between password change : 90
>> Number of days of warning before password expires : 14
>> However, I'm able to change my password when logged in as guest as
>> many times I want the same day
> If someone learns my password on day 2, they have full access to my
> account for 74 days, or I must beg for SysAdmin help?
> "Minimum number of days" isn't a very bright idea.
I completely agree¹, but this policy should still be enforced or it
has to be made clear that this setting is deprecated and no longer
enforced.
--- chage manpage ---
-m, --mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS. A
value of zero for this field indicates that the user may change his/her
password at any time.
--- snip ---
… which is clearly not working in the way it is described. I have not
reproduced this bug myself, but it is exactly that and should therefore
be reported - not by posting to d-d - but rather by executing "reportbug
passwd".
Regards
Wolodja
¹ There might be use cases though ?-)
--
.''`. Wolodja Wentland <wolodja.wentland@ed.ac.uk>
: :' :
`. `'` 4096R/CAF14EFC
`- 081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
Attachment:
signature.asc
Description: Digital signature
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.