Check the /etc/login.defs file to check the applied password policy, here it is showing that password expiry days define as 99999 i.e. it will never expire.
[root@DbAppWeb ~]# cat /etc/login.defs
.
.
.
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
.
.
.
[root@DbAppWeb ~]#
Change the value of the PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MIN_LEN, and PASS_WARN_AGE to define the new password policy.
[root@DbAppWeb ~]# vi /etc/login.defs
.
.
.
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_MIN_LEN 8
PASS_WARN_AGE 10
.
.
.
[root@DbAppWeb ~]#
[root@DbAppWeb ~]#
Create a new user after defining the above policy, the new user will be created with password expiry, Minimum number of days between password change, Maximum number of days between password change and Number of days of warning before password expires. Here I have created a new user dbappweb using the command useradd
See the details using the command chage -l username
[root@DbAppWeb ~]# chage -l dbappweb
Last password change : Oct 12, 2018
Password expires : Jan 10, 2019
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 10
[root@DbAppWeb ~]#
The above policy will not be applicable to the users which have been already created.
[root@DbAppWeb ~]# chage -l sonu.patel
Last password change : Jun 10, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@DbAppWeb ~]#
To set the password expiry, account expiry etc. use the command chage with the options, options details are given below.
[root@DbAppWeb ~]# chage
Usage: chage [options] LOGIN
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
[root@DbAppWeb ~]#
Last Updated: August 21, 2019
No Responses