login.conf: passwordtime not enforced?

Fernan Aguero fernan.aguero at gmail.com
Tue Jul 13 18:40:37 UTC 2010


after reading some docs about hardening freebsd installations, I
decided to enforce password expiration after 90days. I've added the
corresponding line to /etc/login.conf and ... after quite some time
(way more than 3 months already!) nothing happens ...

Just googled around, and noticed this functionality seems to be absent
from the base system ... only passwd(1) seems to honor this value, but
truth is, when I need to use passwd(1) it's because I want to change
the password myself!

There is a post that mentions that having blowfish (instead of md5) as
a 'passwd_format' works ...

However, I wonder if it worked for the author of the post, only
because he manually set the password expiry date using 'pw usermod
[username] -p [date]'

Any ideas on how to enforce this? Do I have to manually use pw(1) every 90 days?


PS: other references to this problem:

More information about the freebsd-questions mailing list