Re: PAM, passwd and shadow utilities

On Mon, 14 Jun 1999, Richard Sharpe wrote:

> On a RedHat 5.2 system and a TurboLinux 3.4.0 system, both with pam-0.64,
> if I do the following:

> pwconv
> chage -m 3 user1

> Then if I log in as user1, I can change my password as many times as I want
> in a few minutes.

> I thought that the above chage command said that passwords had a minimum
> lifetime of 3 days. 

> Hmmm, I have just checked that I do not have -M and -m reversed, and that
> chage does not have them reversed either.

> It seems that pam_pwdb.so does not handle the /etc/shadow functions
> correctly. I have added the shadow keyword to the password line in
> /etc/pam.d/passwd.

> Can anyone comment?

The chage command you list above is, AFAIK, correct.  However, a quick grep
through the pam_pwdb source shows that it makes no effort to check this
value before allowing the user to change the password.  Neither does
pam_unix right now.  I'll make a note to add this to pam_unix_passwd
sometime soon, assuming no one else gets to it first.  Would anyone like to
make the necessary changes to pam_pwdb as well?

-Steve Langasek
postmodern programmer
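
The minimum-age test discussed in this thread, as an added example that is not part of the original messages and is not code from pam_pwdb or pam_unix: it reads the last-change and minimum-age fields (third and fourth) of an /etc/shadow entry and reports how many days must still pass before a change is allowed. The function names, the sample entry and the day numbers are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy colon-separated field idx (0-based) of a shadow line into out.
 * strtok() is avoided because it would skip the empty fields shadow uses. */
static int shadow_field(const char *line, int idx, char *out, size_t outlen)
{
    const char *p = line;
    while (idx-- > 0) {
        p = strchr(p, ':');
        if (p == NULL)
            return -1;          /* entry has too few fields */
        p++;
    }
    size_t n = strcspn(p, ":\n");
    if (n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Days the user must still wait before changing the password.
 * today is the current date in days since 1970-01-01, the unit shadow uses.
 * Returns 0 if a change is allowed now, -1 if the entry is malformed. */
long min_age_days_left(const char *line, long today)
{
    char lstchg[32], minage[32], *e1, *e2;
    if (shadow_field(line, 2, lstchg, sizeof lstchg) != 0 ||
        shadow_field(line, 3, minage, sizeof minage) != 0)
        return -1;
    if (lstchg[0] == '\0' || minage[0] == '\0')
        return 0;               /* empty field: no minimum age in force */
    long last = strtol(lstchg, &e1, 10);
    long min = strtol(minage, &e2, 10);
    if (*e1 != '\0' || *e2 != '\0')
        return -1;              /* non-numeric aging field */
    if (last <= 0 || min <= 0)
        return 0;               /* lstchg 0 forces a change; min 0 is no limit */
    long left = last + min - today;
    return left > 0 ? left : 0;
}

int main(void)
{
    /* Constructed entry: changed on day 10756, minimum age 3 (chage -m 3). */
    const char *line = "user1:$1$constructed$hash:10756:3:99999:7:::";
    printf("one day later: wait %ld more day(s)\n", min_age_days_left(line, 10757));
    printf("three days later: wait %ld more day(s)\n", min_age_days_left(line, 10759));
    return 0;
}
```

A password-changing module that applies this rule would refuse the change while the result is greater than zero; whether root is exempted is a policy decision left to the caller.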

