From owner-freebsd-bugs@FreeBSD.ORG Mon Feb 13 21:40:06 2006
Return-Path:
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 62BD916A422 for ; Mon, 13 Feb 2006 21:40:06 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E3ABD43D45 for ; Mon, 13 Feb 2006 21:40:05 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k1DLe5gd018001 for ; Mon, 13 Feb 2006 21:40:05 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k1DLe5XE017999; Mon, 13 Feb 2006 21:40:05 GMT (envelope-from gnats)
Resent-Date: Mon, 13 Feb 2006 21:40:05 GMT
Resent-Message-Id: <200602132140.k1DLe5XE017999@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jan Srzednicki
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE45316A420 for ; Mon, 13 Feb 2006 21:37:10 +0000 (GMT) (envelope-from winfried@oak.pl)
Received: from oak.pl (mx.oak.pl [217.96.108.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5693443D70 for ; Mon, 13 Feb 2006 21:37:07 +0000 (GMT) (envelope-from winfried@oak.pl)
Received: by oak.pl (Postfix, from userid 1002) id E79F917037; Mon, 13 Feb 2006 22:37:04 +0100 (CET)
Message-Id: <20060213213704.E79F917037@oak.pl>
Date: Mon, 13 Feb 2006 22:37:04 +0100 (CET)
From: Jan Srzednicki
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: mcl@mclhq.com
Subject: bin/93310: pam_unix ignores 'passwordtime' from login.conf
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 13 Feb 2006 21:40:06 -0000

>Number: 93310
>Category: bin
>Synopsis: pam_unix ignores 'passwordtime' from login.conf
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 13 21:40:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jan Srzednicki
>Release: FreeBSD 6.0-STABLE i386
>Organization: none
>Environment:
System: FreeBSD oak.pl 6.0-STABLE FreeBSD 6.0-STABLE #1: Wed Feb 1 17:46:40 CET 2006
>Description:
The 'passwordtime' field in login.conf should be used when a password is changed, so that the administrator can enforce a password change every given fixed period of time. However, as passwd(1) now uses pam_unix(8) to do the actual password change, that functionality is gone, because pam_unix does not support it.
>How-To-Repeat:
Set the 'passwordtime' field in login.conf for a given class, rebuild login.conf with cap_mkdb and change the password of a user from that class. Use chpass or anything to see that the 'change' field in master.passwd is set to 0.
>Fix:
Here's the patch (a really trivial one) I've found on the questions@ archives. I can confirm it's working on 6.0.

--- src/lib/libpam/modules/pam_unix/pam_unix.c.orig Mon Feb 13 22:30:28 2006 +++ src/lib/libpam/modules/pam_unix/pam_unix.c Mon Feb 13 22:33:01 2006 
@@ -371,11 +371,13 @@ if ((old_pwd = pw_dup(pwd)) == NULL) return (PAM_BUF_ERR); - pwd->pw_change = 0; lc = login_getclass(pwd->pw_class); if (login_setcryptfmt(lc, password_hash, NULL) == NULL) openpam_log(PAM_LOG_ERROR, "can't set password cipher, relying on default"); + pwd->pw_change = login_getcaptime(lc, "passwordtime", 0, 0); + if (pwd->pw_change) + pwd->pw_change += time(NULL); login_close(lc); makesalt(salt); pwd->pw_passwd = crypt(new_pass, salt); >Release-Note: >Audit-Trail: >Unformatted:
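Review bot: in the added call login_getcaptime(lc, "passwordtime", 0, 0), the default and the error value are both 0, so a malformed 'passwordtime' entry cannot be told apart from an unset one and silently leaves pw_change at 0, which means no expiry is enforced. Consider passing a distinct error value and reporting it through openpam_log(PAM_LOG_ERROR, ...), the way the login_setcryptfmt failure just above is reported, so an administrator notices that the policy is not being applied. The hunk also starts using time(NULL) without showing any include change, so please confirm pam_unix.c already pulls in <time.h>. Finally, "if (pwd->pw_change)" would read more clearly as an explicit comparison against 0, and a short comment saying that pw_change is an absolute expiry time computed from the relative 'passwordtime' interval would help the next reader.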