Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00


                                            `Date: Thu, 10 Jun 1999 11:16:32 -0500  
From: Chad Price <cprice@MOLBIO.UNMC.EDU>  
Subject: Sun Useradd program expiration date bug  
This has been tested and verified only on Solaris 7.  
Sun has provided a useradd binary as well as the gui (admintool) for adding  
new users. This program (it's a binary in Solaris 7) allows the "-e"  
parameter which purports to set the expiration date for a new account. The  
man page for it says:  
-e expire Specify the expiration date for a login. After  
this date, no user will be able to access this  
login. expire is a date entered in any format you  
like (except a Julian date). If the date format  
that you choose includes spaces, it must be  
quoted. For example, you may enter 10/6/90 or  
"October 6, 1990". A null value (" ") defeats the  
status of the expired date. This option is useful  
for creating temporary logins.  
The key here is that is says: "in any format you like".  
Using the system as it ships and using the parameter as (for example)  
"-e 6/30/2000"  
(in a vain attempt to avoid Y2K confusion) results in an expiration date of  
June 30, 2020, so if you are expecting the user accounts to expire soon,  
you will be a little disappointed. If expiration dates are critical, you  
have a real problem - users can login for 20 years after you thought you  
had expired them!  
Workaround (supplied by Sun): replace /etc/datemsk with:  
%m/%d/%y %I:%M:%S %p  
%m/%d/%Y %I:%M:%S %p  
%m/%d/%y %H:%M:%S  
%m/%d/%Y %H:%M:%S  
%m/%d/%y %I:%M %p  
%m/%d/%Y %I:%M %p  
%m/%d/%y %H:%M  
%m/%d/%Y %H:%M  
%b %d, %Y %I:%M:%S %p  
%b %d, %Y %H:%M:%S  
%B %d, %Y %I:%M:%S %p  
%B %d, %Y %H:%M:%S  
%b %d, %Y %I:%M %p  
%b %d, %Y %H:%M  
%B %d, %Y %I:%M %p  
%B %d, %Y %H:%M  
%b %d, %Y  
%B %d, %Y  
%b %d  
Your mileage may vary. I have not tested this to make sure it works  
correctly with 2-digit years (lower case 'y' in the mask above.)  
Sun has been notified of this and of the posting to BUGTRAQ.  
Chad Price  
Systems Manager  
University of Nebraska Medical Center  
600 S 42nd St  
Omaha, NE 68506-6495  
(402) 559-9527  
(402) 559-4077 (FAX)