[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Auth-Type = System & Password Aging
From:       "Alan DeKok" <aland () ox ! org>
Date:       2003-03-31 20:56:18
[Download RAW message or body]

"Andrew Grimmett" <agrimmett@lssi.net> wrote:
> I looked at the rlm_unix module and it appears that it is only rejecting
> the authentication request if the shadow file has an Expiration date
> such as YYYY-MM-DD.

  Not from what I can see.

> Should or will be the maximum days the password is
> valid for compared against the last change date in the shadow file
> before the users account is locked, be part of the rlm_unix module
> reject once the password is older than the maximum age allowed?

  I'm not sure what that means.

  See 'man shadow'.  The 'sp_expire' field is the data when the
password expires.

> Shadow File with aging from Red Hat 7.3:
> 
> Username:password:12069:0:180:7:1::
> 
> The 12069 is date of last change.
> 
> The 180 is maximum days the password is valid for.

  No, it's the date when the user is required to change their
password.  See the 'man' pages.

  You don't have a password expiry field set in that entry.

  Alan DeKok.


[prev in list] [next in list] [prev in thread] [next in thread]