Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#10744 - [shadow] passwd's options --keep-tokens and --mindays don't work

Attached to Project: Arch Linux
Opened by Sergey Samokhin (Myav) - Monday, 23 June 2008, 19:33 GMT
Last edited by Roman Kyrylych (Romashka) - Monday, 15 November 2010, 19:12 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Aaron Griffin (phrakture)
Thomas B├Ąchler (brain0)
Architecture All
Severity Medium
Priority Normal
Reported Version 2007.08-2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Here are two descriptions: one related to broken --keep-tokens option and one to --mindays.


Man page says that the command "passwd -k" won't have effect if my password isn't expired, but this is wrong in Archlinux. I can change any password with "passwd -k" (including not expired ones).

Steps to reproduce:

1. Let's create a test user (I will type the following commands as root):

> useradd -m foo

2. then let's set a password for it:

> passwd foo
Enter new UNIX password: bar
Retype new UNIX password: bar
passwd: password updated successfully

3. To make sure that the password isn't outdated type this:

> passwd -S foo
foo P 06/23/2008 0 99999 7 -1

99999 is enough large number of days.

4. But the password will be changed anyway if you will run "passwd -k" under foo.


There is an option to limit the period between password changes - "--mindays". But this doesn't work in Archlinux.

Steps to reproduce:

1. Let's create a test user:

> useradd -m bar

2. with some password:

> passwd bar
Enter new UNIX password: 123
Retype new UNIX password: 123
passwd: password updated successfully

3. Default value of MIN_DAYS is 0, which means that user can change his/her password at any time:

> passwd -S bar
bar P 06/23/2008 0 99999 7 -1

Set the MIN_DAYS to 3 days by the following commands:

> passwd --mindays 3 bar
Password changed.
> passwd -S bar
bar P 06/23/2008 3 99999 7 -1

4. According to the man page, the user bar can change his password only once every three days. But this isn't true! Under bar you can change the password indefinite number of times as before!


There are no such bugs on the latest Slax and Debian.

See also:
This task depends upon

Closed by  Roman Kyrylych (Romashka)
Monday, 15 November 2010, 19:12 GMT
Reason for closing:  Upstream
Comment by Sergey Samokhin (Myav) - Monday, 23 June 2008, 19:35 GMT
I use the latest version of shadow package at the moment:
Comment by Glenn Matthys (RedShift) - Friday, 05 December 2008, 22:17 GMT
What's the status of this issue?
Comment by Roman Kyrylych (Romashka) - Saturday, 03 October 2009, 09:21 GMT
still present
Comment by Henning Garus (garns) - Saturday, 03 October 2009, 16:08 GMT
I can reproduce this on ubuntu and arch. I assume on Slax this problem doesn't occur because passwd is not linked against libpam. I have looked through the code of the pam_unix module and it doesn't seem to care about PAM_CHANGE_EXPIRED_AUTHTOK at all when handling pam_chauthtok.
Comment by Paul Mattal (paul) - Saturday, 06 March 2010, 21:32 GMT
This sounds like an inherent upstream issue that they would need to fix. Has this been filed as a bug upstream?
Comment by Thomas Dziedzic (tomd123) - Saturday, 03 July 2010, 20:47 GMT