CentOS 8.x Configure password aging

Home > CentOS > CentOS 8.x > System Administration > CentOS 8.x Configure password aging

It might be desired to set password aging so that users are forced to change password after a fixed interval.

Check current password aging configuration

To check current password aging configuration for a user use:

chage -l <username>

Use man chage to see how to change various listed values for a user

Configure default password aging for new users

Note that this only affects new users created after the values are changed. This does not affects existing users password aging

To configure password aging for new users edit '/etc/login.defs' and set values for:

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   7

where

PASS_MAX_DAYS

Maximum no. of days for which password is valid and need not be changed

PASS_MIN_DAYS

Minimum no. of days that must pass since last password change. A value of 0 means user can change password immediately after changing once.

PASS_MIN_LEN

Minimum length of password. Better see CentOS 8.x Configure password complexity on password complexity

PASS_WARN_AGE

These many days before PASS_MAX_DAYS (Password expiry) since last change, the warning would be displayed to user.

Refer:

• https://serverauth.com/posts/configure-password-aging-linux

Home > CentOS > CentOS 8.x > System Administration > CentOS 8.x Configure password aging