mcclnx mcc
2015-Jun-29 19:59 UTC
[CentOS] set up login.defs but password still not expire?
We have Centos 5.8 on LInux server.I setup /etc/login.defs following: PASS_MAX_DAYS?? 3 PASS_MIN_DAYS?? 0 PASS_MIN_LEN??? 8 PASS_WARN_AGE?? 1 after that I chack user password policy and it show:# chage -l user1 Last password change??????????????????????????????????? : Jun 29, 2015 Password expires??????????????????????????????????????? : never Password inactive?????????????????????????????????????? : never Account expires???????????????????????????????????????? : never Minimum number of days between password change????????? : 0 Maximum number of days between password change????????? : 99999 Number of days of warning before password expires?????? : 7 anyone know why??? I did reboot server still same.
Ashish Yadav
2015-Jun-30 09:21 UTC
[CentOS] set up login.defs but password still not expire?
Hi, On Tue, Jun 30, 2015 at 1:29 AM, mcclnx mcc <mcclnx at yahoo.com.tw> wrote:> We have Centos 5.8 on LInux server.I setup /etc/login.defs following: > PASS_MAX_DAYS 3 > PASS_MIN_DAYS 0 > PASS_MIN_LEN 8 > PASS_WARN_AGE 1 > > after that I chack user password policy and it show:# chage -l user1 > Last password change : Jun 29, 2015 > Password expires : never > Password inactive : never > Account expires : never > Minimum number of days between password change : 0 > Maximum number of days between password change : 99999 > Number of days of warning before password expires : 7 > > anyone know why? I did reboot server still same. >It will not be applied automatically to existing users, you have to do that manually by running below command, For an example, # chage -E 6/30/2015 -m 5 -M 90 -I 30 -W 14 test ( For more information read Man page ) If you gonna create a new user after making changes into /etc/login.defs then password policy will be applied automatically on new user and you can check it by running "chage -l username". --Regards Ashishkumar S. Yadav
On 06/30/2015 07:59 AM, mcclnx mcc wrote:> We have Centos 5.8 on LInux server.I setup /etc/login.defs following: > PASS_MAX_DAYS 3So you're saying that you're running a CentOS that has not been updated in three years and as such is full of security vulnerabilities and bugs and yet you are security-conscious enough to want a 3 day password expire? Do yourself a favor and yum update, that will help you to secure your system way better than your password policy. Peter