[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Redhat 6.1 Null PW change



On Thu, 13 Apr 2000, hrdware wrote:

> 	I created (with the help of many on this list :) an
> account for my BBS system, which has a null pw field. It
> was quite some hassle getting PAM to let users through
> without a pw, but now it seems like every once in awhile
> pam gets it in it's head that the pw for that account (even
> if it is null) has expired. A friend of mine noticed it and said
> he had gotten rid of it. But he didn't, a week later it happened
> again. I just changed the pw (it would have let anyone change
> it?) and then nulled it again by deleting the pw in the shadow
> file.

> First off, which file in the PAM directory controls logins for
> user accounts? login? other? both in some kind of order?

> Secondly, what is the best way to tell pam to leave that 
> account be.. let it live it's live in promiscuous freedom!

What PAM is doing here is respecting the expiry information stored in your
/etc/shadow file.  If you don't want the account to expire, you need to change
the 'max_change_passwd' field (the fifth field) in the shadow file.

Sample shadow entry w/ max_change_passwd field set:

foof:*:10449:0:70:14:10::134551536

shadow entry for an account whose password doesn't have to be changed:

foof:*:10449:0::14:10::134551536

It's also common to use '99999' as the max_change value, which you can do
easily from the commandline with the command 'chage -M 99999 <user>'.

HTH,
Steve Langasek
postmodern programmer



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []