login.conf: passwordtime not enforced?
bf1783 at googlemail.com
Wed Jul 14 01:19:49 UTC 2010
>after reading some docs about hardening freebsd installations, I
> decided to enforce password expiration after 90days. I've added the
> corresponding line to /etc/login.conf and ... after quite some time
> (way more than 3 months already!) nothing happens ...
If you want help, you'll have to be more specific. Exactly what
changes did you make to login.conf, in what sections? Did you run
'cap_mkdb /etc/login.conf' afterwards? Did you then reset your
account passwords and check the sixth colon-delimited field in
/etc/master.passwd with 'date -r' for each account changed, to see if
the appropriate expiration date was registered? Next time you make a
change like this, test it with a short expiration time (a minute or
two, say) on a non-critical account to see if works instead of waiting
three months to discover that it does not.
> Any ideas on how to enforce this? Do I have to manually use pw(1) every 90 days?
No, you shouldn't have to if you use the feature properly. You'll be
prompted immediately after login for a new password if your old one
More information about the freebsd-questions