[TriLUG] Expiring passwords
James Manning
jmm at sublogic.com
Mon Dec 22 11:20:18 EST 2003
> Perhaps you meant that there are alternatives to editing the values
> directly - ones that might be safer for the novice to use?
Well, in general I agree with Chip - code to API's (in this case
programs) where possible, they can be kept working much longer than
file formats. Is shadow (for this particular case) likely to change
formats? No, but by using usermod it doesn't matter if it does.
Similarly, by using "service" instead of /etc/rc.d/init.d/foo, a lot
of sysadmins didn't care when scripts migrated up to /etc/init.d/
You, of course, then introduce a dependency on something else, and if
that's not guaranteed to be around, maybe you're better off with
something doing the direct-editing. There's pro's and con's on both
sides of it, but I always like using the most abstracted interface
possible when there's not a big performance concern, because I'm most
likely to keep working for a longer period of time before I need to go
back and edit things.
Also, API's and programs can typically have migration times where both
old interfaces and new are both supported, giving windows of time for
code migration. File formats tend to be one or the other - it's
pretty hard to support backwards compatibility outside of "add on more
delimited fields to the end".
ramblerambleramble
--
James Manning <http://www.sublogic.com/james/>
GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4
More information about the TriLUG
mailing list