By default, all the account password expiration in Linux are disabled. There have two method to enable and disable password expiration, one of method by editing /etc/shadow file. Another method is using chage command.
1. Edit /etc/shadow
Login as root and type the following command
# vi /etc/shadow
Sample outputs
... lifelinux:$1$UgE5i8uC$mtNxSoPOCl5G5.9mQOQLy.:15092:0:99999:7::: ...
As with the passwd file, each field in the shadow file is also separated with “:” colon characters, and are as follows:
1. Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.
2. Password, 13 character encrypted. A blank entry (eg. ::) indicates a password is not required to log in (usually a bad idea), and a “*” entry (eg. :*:) indicates the account has been disabled.
3. The number of days (since January 1, 1970) since the password was last changed.
4. The number of days before password may be changed (0 indicates it may be changed at any time)
5. The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
6. The number of days to warn user of an expiring password (7 for a full week)
7. The number of days after password expires that account is disabled
8. The number of days since January 1, 1970 that an account has been disabled
9. A reserved field for possible future use
Syntax:
{userName}:{password}:{lastpasswdchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:
2. Using chage command
Usage: chage [options] user
Options:
-d, --lastday LAST_DAY set last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
To list current aging type chage command for particular user account, example lifelinux, enter
# chage -l lifelinux
Sample outputs
Last password change : Apr 28, 2011 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Example: Set password aging for lifelinux, force password change every 60 days (-M 60), and prevent password changes for seven days (-m 7). Login users will receiving warnings 7 days (-W 7) and account will be locked after 7 days (-I 7).
# chage -m 7 -M 60 -W 7 -I 7 lifelinux
To Disable password aging, enter
# chage -m 0 -M 99999 -I -1 lifelinux
Force user to change password at first login, enter
# chage -d 0 lifelinux
Related Posts:
- How To Install Lighttpd And PHP (PHP-FPM) On CentOS 6
- How To Setup A LAMP Server On Centos 6.0
- How To Add User To Group In Linux
- How To Flush/Remove All Iptables Rules In Linux
- How To Deny Or Block User Login In Linux
- How To Install Subversion (SVN) Extension Working With PHP 5.3
- How To Setup Iptables Firewall For A Web Server On CentOS
- How Do I Fix “Host is blocked because of many connection error” In MySQL
- How To Start / Shutdown / Reboot Guest Operating Systems With virsh Command On KVM
- Repel port flood by CSF and IPT_Recent