Linux password expiration and warnings

We all know changing your password every so often is a good idea. Along with the idea of changing your password come the idea of forcing users to change their password, because unless you force it they will never change it. In linux (redhat) this is handled by the chage command.

To set the minimum life of a password in days:

chage -m days username

To set the maximum life of a password to days:

chage -M days username

To set the number of days an account can be inactive (after password expire) before it’s locked:

chage -I days username

To set the date after which an account is inaccessable:

chage -E date username

To set an advanced warning, in days, of an upcomming password change:

chage -W days username

To display current expiration information (can be done by users)

chage -l username

All of this information is also stored inside /etc/login.defs for example a default file looks like:

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.