Enabling Password Aging

The following example shows how password expiration can be set up for individual user accounts.

The parameters in the following files are applied when a new account is created with the useradd command, and they are recorded for each user account in the /etc/shadow file.

Therefore, make sure to configure the following parameters before you create any user accounts using the useradd command:

$ grep PASS_ /etc/login.defs

# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#PASS_MIN_LEN
#PASS_MAX_LEN

Also check /etc/default/useradd:

# The number of days after a password expires until the account
# is permanently disabled
# INACTIVE=-1
#
# The default expire date
# EXPIRE=

When a user account is created using the useradd command, the parameters listed above are recorded in the /etc/shadow file in the following fields:

[username]:[password]:[date]:PASS_MIN_DAYS:PASS_MAX_DAYS:PASS_WARN_AGE:INACTIVE:EXPIRE:

To create a new user account you can execute the following command:

useradd -c "centos" -g users test

To get password expiration information:

$ chage -l test

Last password change : Aug 31, 2009
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
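
Because the login.defs values are only copied into /etc/shadow when an account is created, accounts that already exist keep whatever aging fields they were given. The script below is an added example, not part of the original page, that audits shadow-format lines against a maximum-age policy using the field layout shown above. The function names, the 90-day limit and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the aging fields of
# shadow-format lines read from stdin.
# Field layout: name:password:lastchg:min:max:warn:inactive:expire:

# Usage: audit_shadow_aging MAX_DAYS < shadow-file
# Prints one "user:finding" line per problem found.
audit_shadow_aging() {
    awk -F: -v limit="$1" '
        # Locked accounts (password field starts with ! or *) are skipped.
        $2 ~ /^[!*]/ { next }
        # Empty or oversized maximum age: the password effectively never expires.
        $5 == "" || $5 + 0 > limit + 0 { print $1 ":max_days_exceeds_policy" }
        # Minimum above maximum: the user cannot change the password at all.
        $4 != "" && $5 != "" && $4 + 0 > $5 + 0 { print $1 ":min_greater_than_max" }
        # Maximum is within policy but no inactivity period is set, so an
        # expired password never disables the account.
        $5 != "" && $5 + 0 <= limit + 0 && $7 == "" { print $1 ":no_inactive_period" }
    '
}

# Constructed sample input; the hashes are placeholders, not real ones.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$hash:14487:0:99999:7:::
alice:$6$placeholder$hash:19000:1:90:7:14::
bob:$6$placeholder$hash:19000:30:20:7:14::
carol:$6$placeholder$hash:19000:0:60:7:::
daemon:*:14487:0:99999:7:::
EOF
}

# Demo on the sample. On a real host, run as root:
#   audit_shadow_aging 90 < /etc/shadow
sample_shadow | audit_shadow_aging 90
```

Accounts flagged here can be corrected individually with chage, since editing login.defs does not change entries already present in /etc/shadow.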
