In an effort to help make our systems a little more secure, I have made
a few simple changes to the passwd program, and the local_passwd.c
function in particular, that 'turn on' six month passwd expiration.

The change does not modify the existing process, and turning the
functionality off is as simple as removing the -DPASSWD_EXPIRE in the
Makefile.  With the System Administrators Tools for Analyzing Networks
coming up in the next few days, I thought it might be apropos to toss
this out to you.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	passwd.expire.diff
#
echo x - passwd.expire.diff
sed 's/^X//' >passwd.expire.diff << 'END-of-passwd.expire.diff'
X*** Makefile.orig	Mon Feb 13 05:17:36 1995
X***************
X*** 9,14 ****
X--- 9,16 ----
X  LDADD+= -lrpcsvc -lcrypt
X  CFLAGS+=-I${.CURDIR} -DYP
X  
X+ CFLAGS+= -DPASSWD_CHANGE
X+ 
X  .if defined(KERBEROS5)
X  SRCS+= krb5_passwd.c
X  CFLAGS+= -DKERBEROS5
X*** local_passwd.c.orig	Sun Dec 25 05:29:16 1994
X***************
X*** 42,47 ****
X--- 42,59 ----
X  #include <stdio.h>
X  #include <string.h>
X  
X+ /*
X+  * 1555200 is 180 days * 24 hours * 60 minutes * 60 seconds
X+  */
X+ 
X+ #ifdef PASSWD_CHANGE
X+ #undef  PASSWD_CHANGE
X+ #include <time.h>
X+ #define PASSWD_CHANGE 15552000 + time((time_t *)NULL) 
X+ #else
X+ #define PASSWD_CHANGE 0
X+ #endif
X+   
X  uid_t uid;
X  
X  char *progname = "passwd";
X***************
X*** 74,85 ****
X  	tfd = pw_tmp();
X  
X  	/*
X! 	 * Get the new password.  Reset passwd change time to zero; when
X  	 * classes are implemented, go and get the "offset" value for this
X  	 * class and reset the timer.
X  	 */
X  	pw->pw_passwd = getnewpasswd(pw);
X! 	pw->pw_change = 0;
X  	pw_copy(pfd, tfd, pw);
X  
X  	if (!pw_mkdb())
X--- 86,103 ----
X  	tfd = pw_tmp();
X  
X  	/*
X! 	 * Get the new password.  Set passwd change time to default; when
X  	 * classes are implemented, go and get the "offset" value for this
X  	 * class and reset the timer.
X  	 */
X  	pw->pw_passwd = getnewpasswd(pw);
X! 	pw->pw_change = PASSWD_CHANGE;
X! 	if (pw->pw_change == 0) {
X! 		pw->pw_expire = 0;
X! 	} else {
X! 		/* Set expiration 14 days after change */
X! 		pw->pw_expire = PASSWD_CHANGE + 1209600;
X! 	}
X  	pw_copy(pfd, tfd, pw);
X  
X  	if (!pw_mkdb())
END-of-passwd.expire.diff
exit