Old 12-29-2008, 04:56 PM   #1
LQ Newbie
Registered: Nov 2008
Posts: 5

Rep: Reputation: 0
Linux Password Expiration Problem

I've had a user that couldn't log in and thought the account was locked. From what I can tell, the account was not locked and had not expired, yet it behaved as though it was expired and needed to be reset. Resetting the password with passwd resolved the issue. Maybe someone can point me to something I'm missing.
Here are the details:
This is an application account used on 4 systems and the passwords are manually set to match.

cat /etc/passwd shows as expected:

cat /etc/shadow also shows as expected:

faillog only showed a latest value for 1 system. All of them showed 0 failures and 0 maximum.
sudo faillog -u accountname
Username Failures Maximum Latest
accountname 0 0 Mon Dec 29 14:30:03 -0500 2008 on IPaddress

chage showed Aug 31 on 2 systems and May 8 on the other 2:
sudo chage -l accountname
Minimum: 0
Maximum: -1
Warning: 14
Inactive: -1
Last Change: Aug 31, 2008
Password Expires: Never
Password Inactive: Never
Account Expires: Never

/etc/login.defs shows:

/etc/default/useradd shows:

So from everything I can see here, we have policies in login.defs that were likely applied after the accounts were created or the accounts were changed with chage to override those settings. Everything here seems to indicate that the passwords should never expire or become inactive (Maximum -1, Inactive -1).
Am I reading something wrong or missing some other commands that would help me?
Old 12-30-2008, 11:59 AM   #2
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 306

Rep: Reputation: 38
By the sounds of it, the accounts hit the 90 definition rule and that took precedence over everything else. If the accounts were created before the rules were put in place, that could confuse the system, but if not then I'm at a loss as to why that should have happened.
Old 12-30-2008, 12:01 PM   #3
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 306

Rep: Reputation: 38
BTW, my chage for non-expiring accounts says Maximum = 999999. Yours says -1. Not sure if that is an issue or not.
Old 12-30-2008, 12:12 PM   #4
LQ Newbie
Registered: Nov 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Found this info in some articles on the web, indicating -1 should mean it doesn't check for max days.

Passing the number -1 as MAX_DAYS will remove checking a password's validity.
Passing the number -1 as the INACTIVE will remove an account's inactivity.
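
An added example, not part of the thread: a shell function that classifies one /etc/shadow-format line from the aging fields discussed above (last change, maximum, inactive, expire), using the field order from shadow(5). The function name aging_status, the HASH placeholder, the sample lines and the day numbers are constructed, and this is a simplified model of the checks; the PAM stack on a given system may apply further rules.

```shell
#!/bin/sh
# Classify one /etc/shadow-format line by its password-aging fields.
# Field order per shadow(5):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Usage: aging_status '<shadow line>' <today as days since 1970-01-01>
aging_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        lastchg = $3; max = $5; inactive = $7; expire = $8
        # An empty field and -1 both mean "no limit set".
        if (max == "" || max + 0 < 0) max = -1
        if (inactive == "" || inactive + 0 < 0) inactive = -1
        # lastchg of 0 forces a password change at the next login.
        if (lastchg == "0") { print "must-change"; next }
        # Account expiry date is independent of password age.
        if (expire != "" && expire + 0 > 0 && today + 0 >= expire + 0) {
            print "account-expired"; next
        }
        # Without both a last-change day and a maximum, aging is off.
        if (lastchg == "" || lastchg + 0 < 0 || max == -1) {
            print "no-aging"; next
        }
        deadline = lastchg + max
        if (today + 0 < deadline) { print "valid"; next }
        if (inactive >= 0 && today + 0 >= deadline + inactive) {
            print "password-inactive"; next
        }
        print "password-expired"
    }'
}

# Constructed sample: 14122 = Aug 31, 2008; 14242 = Dec 29, 2008.
aging_status 'accountname:HASH:14122:0:-1:14:-1::' 14242    # no-aging
aging_status 'accountname:HASH:14122:0:90:14:-1::' 14242    # password-expired
aging_status 'accountname:HASH:0:0:-1:14:-1::' 14242        # must-change
```

To check a real account, pass the line from `sudo getent shadow accountname` and `$(( $(date +%s) / 86400 ))` as the day number, then compare the fields across all four hosts.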


All times are GMT -5.