I just had to read the security manual better..
---------- Forwarded message ----------
Date: Wed, 18 Feb 1998 19:06:11 -0500
From: "John P.Speno" <speno_at_isc.upenn.edu>
To: Brian Weaver <weaver_at_psd.k12.co.us>
Subject: Re: Setting passwords to never expire..
> This is not covered in the prpasswd man page. When running
> C2, what is the correct way to set things up so there
> are no password expirations or password lifetimes ?
> Although it is not documented, the from playing, it seems
> like you want to set u_exp and u_life to 0, either in
> the /etc/auth/system/defaults file, or in a users own entry.
> I came up with that because if it is not in the defaults
> file, the useradd command puts u_life#0 and u_exp#0 in
> a users password entry. . We are running in to problems
> because we have a server that is seeing u_exp#0 and assuming
> that the password is expired... Anyone know the official
> DEC word what u_exp#0 is supposed to mean? Does it mean
> your password is expired now, or that your password
We ran across this issue when dealing with ssh-1.2.22, which
has a bug in its C2 password checking.
>From DEC's online manuals:
>From the 4.0B online System and Network Administration documentation,
the Security subsection:
7.5.4.1 Aging
If you do not want password aging on your system, in the default
database set u_exp and u_life to 0, and then (because of the way the
default methods of determining length restrictions on passwords work
based on the password lifetime) also set u_minlen and u_maxlen to
appropriate values for the site.
An example entry could be as follows:
:u_exp#0:u_life#0:u_minlen#5:u_maxlen#32:\
Received on Thu Feb 19 1998 - 01:12:40 NZDT