CentOS 8.x Configure password aging
From Notes_Wiki
<yambe:breadcrumb self="Configure password aging">CentOS 8.x System Administration|System Administration</yambe:breadcrumb>
CentOS 8.x Configure password aging
It might be desired to set password aging so that users are forced to change password after a fixed interval.
Check current password aging configuration
To check current password aging configuration for a user use:
chage -l <username>
Use man chage to see how to change various listed values for a user
Configure default password aging for new users
Note that this only affects new users created after the values are changed. This does not affects existing users password aging
To configure password aging for new users edit '/etc/login.defs' and set values for:
PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_MIN_LEN 8 PASS_WARN_AGE 7
where
- PASS_MAX_DAYS
- Maximum no. of days for which password is valid and need not be changed
- PASS_MIN_DAYS
- Minimum no. of days that must pass since last password change. A value of 0 means user can change password immediately after changing once.
- PASS_MIN_LEN
- Minimum length of password. Better see CentOS 8.x Configure password complexity on password complexity
- PASS_WARN_AGE
- These many days before PASS_MAX_DAYS (Password expiry) since last change, the warning would be displayed to user.
Refer:
<yambe:breadcrumb self="Configure password aging">CentOS 8.x System Administration|System Administration</yambe:breadcrumb>