It's solved for me by setting it to non-zero:
sshd:"PASSWORD":1:0:99999:7:::Or run the following every time after useradd or passwd:
sed -e 's/^\([^:]*:[^:]*:\)0:/\11:/' /etc/shadow -iIs it because busybox passwd always update the "last changed" field to 0?
No, it's because the System time is not set correctly.
libbb/update_passwd.c
/* "name:" + "new_passwd" + ":" + "change date" + ":rest of line" */So if system time is not set correctly, "last changed" field will always be 0 at the first day, and SSH will always asking for changing passwd.
fprintf(new_fp, "%s%s:%u%s\n", name_colon, new_passwd,
(unsigned)(time(NULL)) / (24*60*60), cp);
Use date to update the system should fix this issue:
date -s 201401010000.00This is not even busybox related. It might happened on any PC, just PC has battery and RTC and rarely lost the time.
lib.uclibc.buildroot - Re: sshd always wants to change password - msg#00125 - Recent Discussion OSDir.com
http://osdir.com/ml/lib.uclibc.buildroot/2007-05/msg00125.html
> >Here is the entry from my shadow file:
> >sshd:"PASSWORD":0:0:99999:7:::
>
> set the last changed field to non-null
Linux Password & Shadow File Formats
http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
smithj:Ep6mckrOLChF.:10063:0:99999:7:::As with the passwd file, each field in the shadow file is also separated with ":" colon characters, and are as follows:
- Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
- Password, 13 character encrypted. A blank entry (eg. ::) indicates a password is not required to log in (usually a bad idea), and a ``*'' entry (eg. :*:) indicates the account has been disabled.
- The number of days (since January 1, 1970) since the password was last changed.
- The number of days before password may be changed (0 indicates it may be changed at any time)
- The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
- The number of days to warn user of an expiring password (7 for a full week)
- The number of days after password expires that account is disabled
- The number of days since January 1, 1970 that an account has been disabled
- A reserved field for possible future use
沒有留言:
張貼留言