Q & A
-
-
0
Nota -
0
Optiuni -
385
Accesari -
- CritiC
Manage password aging in Linux systems
- 2 years ago
- GNULinux
- 2 years ago
Password expiry for users is configuring in /etc/login.defs file.These are the password aging parameters
PASS_MAX_DAYS Maximum number of days a password may be used.
PASS_MIN_DAYS Minimum number of days allowed between password changes.
PASS_WARN_AGE Number of days warning given before a password expires.
By default PASS_MAX_DAYS will be 99999 days that means no password expiry.So we are going to configure password expiry for all users in 90 days and minimum days between password change is 1 day.
Open /etc/login.defs and change the following entries
PASS_MAX_DAYS 90 PASS_MIN_DAYS 1 PASS_WARN_AGE 7
save and exit
So after 90 days all users are forced to change their passwords.
To set password expiry for a particular user:We can use chage utility to enable password expiry for a particalar user
Usage: chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] username
eg: if we want to enable password expiry for root user (90 days to expire,minimum days between password change is 1 day and warning about password expiry in 7 days)
# chage -m 1 -M 90 -W 7 root
change can also be used to find out the last password change,password expiration date etc
# chage -l root Last password change : Aug 26, 2021 Password expires : Nov 24, 2021 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7
- Comenteaza
- powered by Verysign