Some of the previous time in accordance with the company requirements of the security of some servers to strengthen the content of the reinforcement is to set the user password cycle time. It turns out that this wood is of a mission use. Below is a small drop test in the virtual machine environment:
First, log on to the server and check the/etc/login.def
And then look at/etc/shadow.
Find that the password strategy is completely right.
Then we modify the/etc/login.def
The first line, the password used for the longest time of 90 days, 90 days after the reminder.
The second line, the minimum time to use the password is 10 days, within 10 days can not modify the password.
Third line, password complexity, at least 8 digits
The four lines, the password expires will be reminded 5 days, 5 days after the password has not been changed, the account will be frozen invalid.
After the modification, look at the/etc/shadow and see that nothing has changed. Then we useradd test to add an account number, found that the new account to adapt to the modified password cycle settings.
After repeated tests, found whether to add a normal account or an administrator account, or modify Pass_min_days, Pass_min_len, pass_warn_age several options, are only applicable to the account added later, for the previous account has not had any impact.