Linux system reinforcement: Modify the user password's Validity Period Mechanism

There must also be a method to hold your feet. The 26th is approaching. I cannot guarantee that I can remember too many things in a short time and they are all right, assume it's a monkey, Dad, and B. You can't watch it, hahaha ~ (You are not responsible for any error. Sorry !)

Updating ......

Modify the user password's Validity Period Mechanism

The effective mechanism of User Password modification can effectively prevent users from automatically failing their accounts after they leave their jobs for a period of time. Even if the administrator forgets to delete the account, the account will not cause harm to the system.

1./etc/login. defs

"/Etc/login. the defs file is a plan for creating a user, such as whether to use the home directory, the UID and GID range, and the user's validity period when creating a user, this file can be defined by root.

You can use "vim/etc/login. defs" to modify it:

PASS_MAX_DAYS: Maximum Password validity period (default value: 99999, equivalent to disabling the password's validity period)

PASS_MIN_DAYS: Minimum Password Validity Period

PASS_MIN_LEN: Minimum Password strength (recommended minimum password is 8 characters)

PASS_WARN_AGE: set the number of days before the password expires to notify the user to change the password (generally, the user will receive a warning when logging on to the system)

2. You can also search for the keywords "INACTIVE" and "EXPIRE" in the "/etc/default/useradd" file"

INACTIVE: indicates that the password is invalid several days after it expires (default value:-1)

EXPIRE: set a fixed password expiration date for all new users, in the format of "year-month-day"

The above two methods and policies can only take effect for new users. However, to modify policies for existing users, you must use the chage command, for example:

# Chage-l blacktha

This command lists the current validity period of the blacktha user.

# Chage-M 30 blacktha

This command changes the password validity period of the user blacktha to 30 days, and changes the corresponding shadow file.

The following are the chage command (Tool) parameters:

-M: PASS_MAX_DAYS

-L: lists the validity period of a user's current password.

-M: PASS_MIN_DAYS

-W: PASS_WARN_AGE

However, it is worth noting that chage only works for local users. If the system uses an authentication system like LDAP, it does not work.