Yesterday’s Thoughts

On my home Linux Box (Whitebox Enterprise 3.0) I use a number of different users for various purposes. I tend to create and delete them fairly often.

I suddenly started seeing a warning when creating or deleting a user:
[root@server root]# adduser newuser configuration error - unknown item 'PASS_MAX_AGE' (notify administrator) [root@server root]# userdel newuser configuration error - unknown item 'PASS_MAX_AGE' (notify administrator)

The resources of Google were no help.
man adduser showed me the following config files
FILES /etc/passwd - user account information /etc/shadow - secure user account information /etc/group - group information /etc/gshadow - secure group information /etc/default/useradd - default information /etc/login.defs - system-wide settings /etc/skel - directory containing default files

Poking through these files with grep returned:

/etc/login.defs:PASS_MAX_AGE 5

login.defs was modified about a month ago, I don’t know how or why. useradd was six months old. I assume some other package modified login.defs, or maybe there was a configuration step that I performed unknowingly or incorrectly. I do not recall this, but maybe I did it through a GUI. I guess I need to get my entire hierarchy under version control, and more facility with yum/up2date.

Anyway, if PASS_MAX_AGE means what I think it does, passwords cannot be older than 5 days, or the user is forced to change it. This is bizarrely short for my purposes.

login.defs is not very helpful. Here is a snippet of the file:
# Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_LEN Minimum acceptable password length. # PASS_WARN_AGE Number of days warning given before a password expires. # PASS_MAX_DAYS 60 PASS_MIN_DAYS 0 PASS_MIN_LEN 5 PASS_MAX_AGE 5

The other variables are documented. PASS_MAX_AGE isn’t and PASS_WARN_AGE is documented and not used. I assume that this is a mistake.

Google returns 1500 hits for PASS_WARN_AGE.

I commented out the PASS_MAX_AGE and replaced it with PASS_WARN_AGE. No warnings from useradd and userdel. I will report back if anything else breaks.