Password expire for root not working?

icecoke · Nov 20, 2013

When I set the password expire as root for root to e.g. one minute, exit and su - again, than I'm warned (by PAM?) that my password is about to expire. When I exit again to su - again long after the expire date, nothing happens. No one is forcing me to change the password nor informing me about that it is expired:

Code:

[root@testvs2 ~]# pw usermod -p +1m -u root
[root@testvs2 ~]# exit
logout
[admin@testvs2 ~]# su -
Password:
Warning: your password expires on Tue Nov 19 23:57:37 2013
[root@testvs2 ~]# date
Di 19 Nov 2013 23:56:45 CET
[root@testvs2 ~]# exit
logout
[admin@testvs2 ~]# su -
Password:
[root@testvs2 ~]# date
Mi 20 Nov 2013 09:54:18 CET
[root@testvs2 ~]# exit
logout

So, what is wrong here? What do I miss, if it's possible at all to force root for change his password?

icecoke · Nov 23, 2013

No one?

icecoke · Dec 3, 2013

Just for the ones who might ask themselves the same question:

First - it does happen for all users, not only root. The reason was, there is no password management handler in pam.d/su by default and the 'reminder' about expiring comes from the account management handler in PAM. This is calling pam_sm_chauthtok but if no handler for the password things is set, nothing happens.

So adding e.g. simply this to the PAM file in question does the trick:

Code:

# password
password        required        pam_unix.so             no_warn try_first_pass

Gracias!

fonz · Dec 3, 2013

icecoke said:
So adding e.g. simply this to the PAM file in question does the trick:

Thanks for sharing

Password expire for root not working?

icecoke

icecoke

icecoke

fonz