PASSWORD POLICY FOR SINGLE USER AND ALL_USERS
CHANGE PASSWORD AND ADJUST PASSWORD
POLICES FOR SINGLE USER AND ALL USERS AT A TIME:
vim
/etc/login.defaults
which allows to set specific parameters for passwords of the
users like pwd length, include special chars, no’s and password expiry, etc…
password hashes are located in /etc/shadow(password policy
info).
Ex:
root:$6$neBVcz0K$7zTq20kWszOZKaqRO.4KOgLkwNQPjEi0/xatTa9h2tjfdnWUuv/QaWnt44DqZjMz5YHoc1hcPTgCJiYn5tRd5.:17266:0:99999:7:::
<user>:<passwordhash>:<last pwd
date>:<min days before pwd can be changed >:<max no of days before
pwd can be changed>:<no of days one should get warning to change
pwd>:<no of days account remains active after pwd has expired if it
exceeds your account is locked>:<expiration date(yyyy-mm-dd)>
How to we manage above
By using (usermod,passwd,chage) commands.
chage
–l
chage
–l <username>
it gives all the above info of the specific user.
To change pwd polices for single
user you should use chage cmd and for all users you can edit /etc/login.defs
date -d '+50days' +%F (today date is 2018-12-29)
2019-02-17
F – full date format
d - Display the date and time specified in
DATESTR(‘+50days’) instead of the
current date and
time.
++++++++++++++++++++++++++++
Ex:
useradd test
[root@cloudpro2 etc]#
chage -l test
Last password change : Dec 29,
2018
Password expires : never
Password inactive : never
Account expires :
never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@cloudpro2 etc]#
date -d '+1day' +%F
2018-12-30
[root@cloudpro2 etc]#
chage -E 2018-12-30 test
[root@cloudpro2 etc]#
chage -l test
Last password change : Dec 29,
2018
Password expires : never
Password inactive : never
Account expires : Dec
30, 2018
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires :
7
+++++++++++++++++++++++++++++++++++++++++++
Password expires :
max no of days pwd has to be changed.
chage –M 90 test
Account expires : no
of days/date after account expires
chage -E 2018-12-30 test
chage –E -1 test (to
remove expiration date)
Password inactive : no of days after a password expires then
account becomes inactive
++++++++++++++++++++
[root@cloudpro2 ~]# chage -M 2 test
[root@cloudpro2 ~]# chage -W 1 test
chage -l test
Last password change : Dec 29,
2018
Password expires : Dec
31, 2018
Password inactive : never
Account expires : Dec
30, 2018
Minimum number of days between password change : 0
Maximum number of days between password change : 2
Number of days of warning before password expires : 1
+++++++++++++++++++++++++++++++++++++
chage -E -1 test
[root@cloudpro2 ~]# chage -l test
Last password change
: Dec
29, 2018
Password expires : Dec
31, 2018
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 2
Number of days of warning before password expires : 1
+++++++++++++++++++++++++++++++++++++++++++++++++++++
usermod -s /sbin/nologin test
[root@cloudpro2 ~]#
su test
This account is currently not available.
usermod -s /bin/bash test
[root@cloudpro2 ~]#
su test
[test@cloudpro2 root]$
++++++++++++++++++++++++++++++++++++++++++
chage –d
<username>
-d – (set date of last password change to LAST_DAY).
chage -d 0 test --
forces the user to chage pwd next login.
++++++++++++++++++++++++++++++++++++++++++++
[root@cloudpro2 ~]#
chage -l test
Last password change : password
must be changed
Password expires : password
must be changed
Password inactive :
password must be changed
Account expires :
never
Minimum number of days between password change : 0
Maximum number of days between password change : 2
Number of days of warning before password expires : 1
+++++++++++++++++++++++++++++++++++++++++++++
Comments
Post a Comment