LinuxQuestions.org
Old 12-29-2008, 05:56 PM   #1
MaureenT
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Rep: Reputation: 0
Linux Password Expiration Problem


I've had a user that couldn't log in and thought the account was locked. From what I can tell, the account was not locked and had not expired, yet it behaved as though it was expired and needed to be reset. Resetting the password with passwd resolved the issue. Maybe someone can point me to something I'm missing.
Here are the details:
This is an application account used on 4 systems and the passwords are manually set to match.

cat /etc/passwd shows as expected:
accountname:x:4101:2100:accountdescription:/sbin/nologin

cat /etc/shadow also shows as expected:
accountname:passwordhash:14122:0::14:::

faillog only showed a latest value for 1 system. All of them showed 0 failures and 0 maximum.
sudo faillog -u accountname
Username Failures Maximum Latest
accountname 0 0 Mon Dec 29 14:30:03 -0500 2008 on IPaddress


chage showed Aug 31 on 2 systems and May 8 on the other 2:
sudo chage -l accountname
Minimum: 0
Maximum: -1
Warning: 14
Inactive: -1
Last Change: Aug 31, 2008
Password Expires: Never
Password Inactive: Never
Account Expires: Never

/etc/login.defs shows:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 14


/etc/default/useradd shows:
INACTIVE=-1
EXPIRE=

So from everything I can see here, we have policies in login.defs that were likely applied after the accounts were created or the accounts were changed with chage to override those settings. Everything here seems to indicate that the passwords should never expire or become inactive (Maximum -1, Inactive -1).
Am I reading something wrong or missing some other commands that would help me?
 
Old 12-30-2008, 12:59 PM   #2
arckane
Member
 
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 306

Rep: Reputation: 38
By the sounds of it, the accounts hit the 90 definition rule and that took precedence over everything else. If the accounts were created before the rules were put in place that could confuse the system, but if not then I'm at a loss as to why that should have happened.
 
Old 12-30-2008, 01:01 PM   #3
arckane
Member
 
Registered: Sep 2005
Location: UK
Distribution: Gentoo/Debian/Ubuntu
Posts: 306

Rep: Reputation: 38
BTW, my chage for non-expiring accounts says Maximum = 999999. Yours says -1. Not sure if that is an issue or not.
 
Old 12-30-2008, 01:12 PM   #4
MaureenT
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Found this info in some articles on the web, indicating -1 should mean it doesn't check for max days.

Passing the number -1 as MAX_DAYS will remove checking a password's validity.
Passing the number -1 as the INACTIVE will remove an account's inactivity.
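
The aging fields quoted in post #1 can be evaluated by hand from the shadow(5) field layout; the script below is an added example, not code from any poster in this thread. The function names are hypothetical, the day-boundary comparisons are an assumption (implementations can differ by a day at the edges), and the 90-day variant is constructed from the posted entry to show what a 90-day maximum would yield on 12-29-2008 (day 14242 since 1970-01-01).

```shell
#!/bin/sh
# Added example: classify one /etc/shadow entry using the shadow(5) fields
# 3=last change, 5=max age, 6=warn, 7=inactive, 8=account expiry (all in days).
# Usage: shadow_state 'LINE' TODAY   (TODAY = days since 1970-01-01)
shadow_state() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        lastchg = $3; max = $5; warn = $6; inact = $7; expire = $8
        # Account expiry is checked independently of password age.
        if (expire != "" && expire + 0 > 0 && today >= expire + 0) {
            print "account-expired"; exit
        }
        # A last-change value of 0 forces a password change at next login.
        if (lastchg == "0") { print "must-change"; exit }
        # Empty (or negative) last-change or max-age: no password expiry.
        if (lastchg == "" || max == "" || max + 0 < 0) {
            print "never-expires"; exit
        }
        due = lastchg + max
        # Assumption: expired once today is past the due day.
        if (today > due) {
            if (inact != "" && inact + 0 >= 0 && today > due + inact) {
                print "password-inactive"
            } else {
                print "password-expired"
            }
            exit
        }
        if (warn != "" && warn + 0 > 0 && today > due - warn) {
            print "warning"; exit
        }
        print "ok"
    }'
}

# Current day number, for running against a live entry.
today_days() { echo $(( $(date +%s) / 86400 )); }

# Entry as quoted in post #1, evaluated for 12-29-2008 (day 14242).
shadow_state 'accountname:passwordhash:14122:0::14:::' 14242
# Constructed variant: same entry with a 90-day maximum in field 5.
shadow_state 'accountname:passwordhash:14122:0:90:14:::' 14242
```

To check a live account, pass the line from `sudo getent shadow accountname` and `$(today_days)` as the two arguments.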
 
  

