Red Hat Bugzilla – Bug 190014
locally configured /etc/login.defs file was replaced by an update
Last modified: 2007-11-30 17:11:31 EST
Description of problem:
Installing an 'updated' shadow-utils (4.0.14-16.FC5) (with yum -y update)
replaced a local site-configured file (/etc/login.defs) with stronger constraints.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. yum -y update or yum -y update shadow-utils
The local /etc/login.defs file had been modified to make the system 'stronger'.
Specifically, PASS_MAX_DAYS had been changed to 90 from 99999,
PASS_MIN_DAYS had been changed to 7 from 0, and
PASS_MIN_LEN had been changed to 8 from 5.
If the /etc/login.defs file has been modified from the original, don't replace
it. After my system 'passed inspection' it later failed a security assessment
because the new shadow-utils has weak requirements such as never changing the
password (99999 days), min password length of 5, etc.
I have marked login.defs as noreplace.
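
An added example, not part of the bug report or of shadow-utils: a POSIX shell audit that re-checks a login.defs file against the reporter's site values (90, 7, 8), suitable for running after package updates. The function names, the DRIFT output format and the last-occurrence-wins parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit login.defs against the site baseline from the report
# (PASS_MAX_DAYS <= 90, PASS_MIN_DAYS >= 7, PASS_MIN_LEN >= 8).
# Function names and the DRIFT output format are illustrative.

# login_defs_get FILE KEY: print the value of KEY, or nothing if it is unset.
# Comment lines never match because their first field starts with '#'.
# If KEY appears more than once, the last one is used (assumption).
login_defs_get() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# check_setting FILE KEY OP LIMIT, where OP is "le" or "ge".
# Prints one DRIFT line and returns 1 when the value is missing, is not a
# plain non-negative integer, or falls outside the limit.
check_setting() {
    val=$(login_defs_get "$1" "$2")
    case "$val" in
        ''|*[!0-9]*)
            echo "DRIFT $2: missing or non-numeric ('$val')"
            return 1 ;;
    esac
    if [ "$val" "-$3" "$4" ]; then
        return 0
    fi
    echo "DRIFT $2: found $val, baseline requires -$3 $4"
    return 1
}

# audit_login_defs FILE: check all three settings, return 1 if any drifted.
audit_login_defs() {
    file=$1
    rc=0
    check_setting "$file" PASS_MAX_DAYS le 90 || rc=1
    check_setting "$file" PASS_MIN_DAYS ge 7  || rc=1
    check_setting "$file" PASS_MIN_LEN  ge 8  || rc=1
    return $rc
}

# Constructed sample: the packaged defaults quoted in the report.
demo=$(mktemp)
printf 'PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\nPASS_MIN_LEN\t5\n' > "$demo"
audit_login_defs "$demo" || echo "login.defs no longer meets the site baseline"
rm -f "$demo"
```

On a live system, pass `/etc/login.defs` to `audit_login_defs` and alert on a non-zero exit status.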