Linux system reinforcement: Modify the user password's Validity Period Mechanism

Source: Internet
Author: User

There must also be a method to hold your feet. The 26th is approaching. I cannot guarantee that I can remember too many things in a short time and they are all right, assume it's a monkey, Dad, and B. You can't watch it, hahaha ~ (You are not responsible for any error. Sorry !)

Updating ......

Modify the user password's Validity Period Mechanism

The effective mechanism of User Password modification can effectively prevent users from automatically failing their accounts after they leave their jobs for a period of time. Even if the administrator forgets to delete the account, the account will not cause harm to the system.

1./etc/login. defs

"/Etc/login. the defs file is a plan for creating a user, such as whether to use the home directory, the UID and GID range, and the user's validity period when creating a user, this file can be defined by root.

You can use "vim/etc/login. defs" to modify it:

PASS_MAX_DAYS: Maximum Password validity period (default value: 99999, equivalent to disabling the password's validity period)

PASS_MIN_DAYS: Minimum Password Validity Period

PASS_MIN_LEN: Minimum Password strength (recommended minimum password is 8 characters)

PASS_WARN_AGE: set the number of days before the password expires to notify the user to change the password (generally, the user will receive a warning when logging on to the system)

2. You can also search for the keywords "INACTIVE" and "EXPIRE" in the "/etc/default/useradd" file"

INACTIVE: indicates that the password is invalid several days after it expires (default value:-1)

EXPIRE: set a fixed password expiration date for all new users, in the format of "year-month-day"

The above two methods and policies can only take effect for new users. However, to modify policies for existing users, you must use the chage command, for example:

# Chage-l blacktha

This command lists the current validity period of the blacktha user.

# Chage-M 30 blacktha

This command changes the password validity period of the user blacktha to 30 days, and changes the corresponding shadow file.

The following are the chage command (Tool) parameters:

-M: PASS_MAX_DAYS

-L: lists the validity period of a user's current password.

-M: PASS_MIN_DAYS

-W: PASS_WARN_AGE

However, it is worth noting that chage only works for local users. If the system uses an authentication system like LDAP, it does not work.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.