Yesterday’s Thoughts

On my home Linux Box (Whitebox Enterprise 3.0) I use a number of different users for various purposes. I tend to create and delete them fairly often.

I suddenly started seeing a warning when creating or deleting a user:

[root@server root]# adduser newuser
configuration error - unknown item ‘PASS_MAX_AGE’ (notify administrator)
[root@server root]# userdel newuser
configuration error - unknown item ‘PASS_MAX_AGE’ (notify administrator)


The resources of Google were no help.
man adduser showed me the following config files

FILES
/etc/passwd - user account information
/etc/shadow - secure user account information
/etc/group - group information
/etc/gshadow - secure group information
/etc/default/useradd - default information
/etc/login.defs - system-wide settings
/etc/skel - directory containing default files


Poking through these files with grep returned:

/etc/login.defs:PASS_MAX_AGE 5

login.defs was modified about a month ago, I don’t know how or why. useradd was six months old. I assume some other package modified login.defs, or maybe there was a configuration step that I performed unknowingly or incorrectly. I do not recall this, but maybe I did it through a GUI. I guess I need to get my entire hierarchy under version control, and more facility with yum/up2date.

Anyway, if PASS_MAX_AGE means what I think it does, passwords cannot be older than 5 days, or the user is forced to change it. This is bizarrely short for my purposes.

login.defs is not very helpful. Here is a snippet of the file:

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_MAX_AGE 5


The other variables are documented. PASS_MAX_AGE isn’t and PASS_WARN_AGE is documented and not used. I assume that this is a mistake.

Google returns 1500 hits for PASS_WARN_AGE.

I commented out the PASS_MAX_AGE and replaced it with PASS_WARN_AGE. No warnings from useradd and userdel. I will report back if anything else breaks.