-l/-u options: edit the shadow account expiry field *in addition* to

editing the password field.  Debian patch 494_passwd_lock.
This commit is contained in:
nekral-guest 2007-11-17 16:40:39 +00:00
parent f16a859ff8
commit e47ee90033
3 changed files with 19 additions and 2 deletions

View File

@ -1,3 +1,9 @@
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
* src/passwd.c, man/passwd.1.xml: -l/-u options: edit the
shadow account expiry field *in addition* to editing the password
field. Debian patch 494_passwd_lock.
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
* src/newgrp.c: Do not request a password when a user uses newgrp

View File

@ -214,7 +214,8 @@
<listitem>
<para>
Lock the named account. This option disables an account by changing
the password to a value which matches no possible encrypted value.
the password to a value which matches no possible encrypted value,
and by setting the account expiry field to 1.
</para>
</listitem>
</varlistentry>
@ -275,7 +276,8 @@
<para>
Unlock the named account. This option re-enables an account by
changing the password back to its previous value (to value before
using <option>-l</option> option).
using <option>-l</option> option), and by resetting the account
expiry field.
</para>
</listitem>
</varlistentry>

View File

@ -531,6 +531,15 @@ static void update_shadow (void)
nsp->sp_inact = (inact * DAY) / SCALE;
if (do_update_age)
nsp->sp_lstchg = time ((time_t *) 0) / SCALE;
if (lflg) {
/* Set the account expiry field to 1.
* Some PAM implementation consider zero as a non expired
* account.
*/
nsp->sp_expire = 1;
}
if (uflg)
nsp->sp_expire = -1;
/*
* Force change on next login, like SunOS 4.x passwd -e or Solaris