Bug 45957 - simplify "user has to change password on next logon behavior" (shadowLastChange)
simplify "user has to change password on next logon behavior" (shadowLastChange)
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks: 47516 47518
  Show dependency treegraph
 
Reported: 2017-12-27 21:49 CET by Florian Best
Modified: 2021-05-03 21:32 CEST (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (3.11 KB, patch)
2017-12-27 21:50 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2017-12-27 21:49:44 CET
man 5 shadow says:
>        date of last password change
...
>            The value 0 has a special meaning, which is that the user should change her pasword the next time she
>            will log in the system.....
>        maximum password age
...
>            An empty field means that there are no maximum password age, no password warning period, and no
>            password inactivity period (see below).

So, if shadowLastChange is set to "0" the user has to change his password on the next login.
To achieve this we're currently setting "shadowMax" to date(now) - pw_expiry_interval - 1.

Instead we could simplify the behavior to:
1. set shadowMax only to pw_expiry_interval 
2. set shadowLastChange to "0"

There is a patch in the branch fbest/45842-simplify-shadowLastChange, which is based on the feature branch of Bug #45842.
Comment 1 Florian Best univentionstaff 2017-12-27 21:50:18 CET
Created attachment 9330 [details]
patch