Two different ways:
One, use passwd command and/etc/shadow file to control password policy
Description of the/etc/shadow file:
Root:$6$fxqlc6mg$uzcxdaiptjrrea/k3mf999beith/cnozyncshwxfcxknwktybvopng7cpopwxlnatxw7ezv5svav1aiexohja1 : 17107:0:99999:7:::
One of the entries in the file is a user's configuration, column description:
1. User Name
2. Password (encrypted password)
3. Date of the most recent password change (in days from January 1, 1970 to the current password change date)
# echo $ (($ (Date--date= "2016/11/11" +%s)/86400+1)) =days
4. The number of days the password cannot be changed (0, password can be changed at any time)
5. Number of days the password needs to be re-changed (99999, Password never expires)
6. Number of days before the password needs to be reset
7. Account Grace time after password expires (password expiration date)
Password is valid for: Update date 3 column + Reset date 5 column. You must reset your password to use system resources after the password expires
8. Account expiration Date (the total number of days in 1970来 is set, the date after this setting value is not available for this account.) )
9. Retention
Second, the use of Pam module authentication method, but this is not valid for the root user.
Specific operation please man PAM password policy settings
Linux Password Policy