Password Expiration?

[folivora]

Hi,

I've issues with password expiration.

I've edited /etc/login.conf by adding following lines:

:minpasswordlen=8:\
:mixpasswordcase=true:\
:passwordtime=90d:\

After editing /etc/login.conf I issued [CMD=]"cap_mkdb /etc/login.conf"[/CMD].

I created test user, after creating test user I did check /etc/master.passwd and the 6th column is still 0.

I wonder what I've done wrong?

Best Regards

Folivora

 

[SirDice]

Use pw(8) like so
# pw usermod -p 90d test_user

 

[folivora]

Hey.

I used pw to change the expiration day of existing users in the system. So do you mean that every time when I create new user, I should use pw to determine passwords expiration day?

Then second question is, let's say that I use the [CMD=]pw usermod -d 90 test_user[/CMD] command. Does test_user's password expire every 90 days? Or is it needed to determine new 90 days after first 90 days?


Best Regards

Folivora

 

[SirDice]

I had to look this up, I never use it :e

Anyway, the -p 90 will set the password to expire in 90 days. You don't need to set it everytime.

As for login.conf, both minpasswordlen and mixpasswordcase don't do anything. The passwordtime however should work. You won't see the 90 days in the fields of master.passwd as they are set on the class, not a specific user.

 

[lme@]

If you also want to enforce password complexity, take a look at pam_passwdqc(8).

 

[anomie]

I used pw to change the expiration day of existing users in the system. So do you mean that every time when I create new user, I should use pw to determine passwords expiration day?]

I think your user class / passwordtime changes will be in effect for any new users you create (in said user class) going forward. This would be easy to confirm by testing.

For existing users, you'll simply apply the change manually via pw(8).