FS#10744 - [shadow] passwd's options --keep-tokens and --mindays don't work
Attached to Project:
Arch Linux
Opened by Sergey Samokhin (Myav) - Monday, 23 June 2008, 19:33 GMT
Last edited by Roman Kyrylych (Romashka) - Monday, 15 November 2010, 19:12 GMT
Opened by Sergey Samokhin (Myav) - Monday, 23 June 2008, 19:33 GMT
Last edited by Roman Kyrylych (Romashka) - Monday, 15 November 2010, 19:12 GMT
|
Details
Here are two descriptions: one related to broken
--keep-tokens option and one to --mindays.
--[--keep-tokens]----------------------------------------------------- Description: Man page says that the command "passwd -k" won't have effect if my password isn't expired, but this is wrong in Archlinux. I can change any password with "passwd -k" (including not expired ones). Steps to reproduce: 1. Let's create a test user (I will type the following commands as root): > useradd -m foo 2. then let's set a password for it: > passwd foo Enter new UNIX password: bar Retype new UNIX password: bar passwd: password updated successfully 3. To make sure that the password isn't outdated type this: > passwd -S foo foo P 06/23/2008 0 99999 7 -1 99999 is enough large number of days. 4. But the password will be changed anyway if you will run "passwd -k" under foo. --[--mindays]----------------------------------------------------- Description: There is an option to limit the period between password changes - "--mindays". But this doesn't work in Archlinux. Steps to reproduce: 1. Let's create a test user: > useradd -m bar 2. with some password: > passwd bar Enter new UNIX password: 123 Retype new UNIX password: 123 passwd: password updated successfully 3. Default value of MIN_DAYS is 0, which means that user can change his/her password at any time: > passwd -S bar bar P 06/23/2008 0 99999 7 -1 Set the MIN_DAYS to 3 days by the following commands: > passwd --mindays 3 bar Password changed. > passwd -S bar bar P 06/23/2008 3 99999 7 -1 4. According to the man page, the user bar can change his password only once every three days. But this isn't true! Under bar you can change the password indefinite number of times as before! ------------------------------------------------------------------------- There are no such bugs on the latest Slax and Debian. See also: http://bbs.archlinux.org/viewtopic.php?id=50649 |
This task depends upon
Closed by Roman Kyrylych (Romashka)
Monday, 15 November 2010, 19:12 GMT
Reason for closing: Upstream
Monday, 15 November 2010, 19:12 GMT
Reason for closing: Upstream
Comment by Sergey Samokhin (Myav) -
Monday, 23 June 2008, 19:35 GMT
Comment by Glenn Matthys (RedShift) -
Friday, 05 December 2008, 22:17 GMT
Comment by
Roman Kyrylych (Romashka) - Saturday,
03 October 2009, 09:21 GMT
Comment by Henning Garus (garns) -
Saturday, 03 October 2009, 16:08 GMT
Comment by Paul Mattal (paul) -
Saturday, 06 March 2010, 21:32 GMT
Comment by
Thomas Dziedzic (tomd123) -
Saturday, 03 July 2010, 20:47 GMT
I use the latest version of shadow package at the moment:
4.0.18.2-2
What's the status of this issue?
still present
I can reproduce this on ubuntu and arch. I assume on Slax this
problem doesn't occur because passwd is not linked against libpam.
I have looked through the code of the pam_unix module and it
doesn't seem to care about PAM_CHANGE_EXPIRED_AUTHTOK at all when
handling pam_chauthtok.
This sounds like an inherent upstream issue that they would need
to fix. Has this been filed as a bug upstream?
status?