CentOS 8.x Configure password aging

From Notes_Wiki
Revision as of 03:29, 19 April 2022 by Saurabh (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Home > CentOS > CentOS 8.x > System Administration > CentOS 8.x Configure password aging

It might be desired to set password aging so that users are forced to change password after a fixed interval.

Check current password aging configuration

To check current password aging configuration for a user use:

chage -l <username>

Use man chage to see how to change various listed values for a user


Configure default password aging for new users

Note that this only affects new users created after the values are changed. This does not affects existing users password aging

To configure password aging for new users edit '/etc/login.defs' and set values for:

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   7

where

PASS_MAX_DAYS
Maximum no. of days for which password is valid and need not be changed
PASS_MIN_DAYS
Minimum no. of days that must pass since last password change. A value of 0 means user can change password immediately after changing once.
PASS_MIN_LEN
Minimum length of password. Better see CentOS 8.x Configure password complexity on password complexity
PASS_WARN_AGE
These many days before PASS_MAX_DAYS (Password expiry) since last change, the warning would be displayed to user.



Refer:



Home > CentOS > CentOS 8.x > System Administration > CentOS 8.x Configure password aging