CentOS - Nov 2019 - Limit user password by time

Is it possible with "chage" to configure a password caducity for, at 
most, 2 hours? I think "chage" only allows caducity for, at least, one
day.

On Nov 4, 2019, at 4:28 AM, Gesti? Servidors <sysadmin.caos at uab.cat>
wrote:
> Is it possible with "chage" to configure a password caducity for,
at
> most, 2 hours? I think "chage" only allows caducity for, at
least, one day.

You?re pushing the limits of my memories of latin class, but if I understand
what you?re asking, you want to set the expiration of a password to a specific
hour, not day.

The password age, minimum age and maximum age fields in /etc/shadow are stored
as an integer in days, so no, I don?t believe you can set it to a specific hour.

--
Jonathan Billings <billings at negate.org>

chage apparently depends on the shadow file which is day-based.  You might want
to be more specific when you say "limit", are you trying to force
password changes every 2 hours or force logout every 2 hours or something else? 
The reason I ask is you're probably into the "create your own
method" arena where exactly what you're trying to do may greatly
influence the possibilities.

________________________________
From: CentOS <centos-bounces at centos.org> on behalf of Gesti? Servidors
<sysadmin.caos at uab.cat>
Sent: Monday, November 4, 2019 3:28 AM
To: centos at centos.org <centos at centos.org>
Subject: [EXTERNAL] Re: [CentOS] Limit user password by time

Is it possible with "chage" to configure a password caducity for, at
most, 2 hours? I think "chage" only allows caducity for, at least, one
day.
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy at datavoiceint.com


[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]


2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>


This message has been sent on behalf of a company that is part of the Harris
Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify
us<http://subscribe.harriscomputer.com/>.



This message is intended exclusively for the individual or entity to which it is
addressed. This communication may contain information that is proprietary,
privileged or confidential or otherwise legally exempt from disclosure. If you
are not the named addressee, you are not authorized to read, print, retain, copy
or disseminate this message or any part of it. If you have received this message
in error, please notify the sender immediately by e-mail and delete all copies
of the message.

On Nov 4, 2019, at 9:20 AM, Leroy Tennison <leroy at datavoiceint.com>
wrote:
> chage apparently depends on the shadow file which is day-based.  You might
want to be more specific when you say "limit", are you trying to force
password changes every 2 hours or force logout every 2 hours or something else? 
The reason I ask is you're probably into the "create your own
method" arena where exactly what you're trying to do may greatly
influence the possibilities.

If you just want to create a really small window where ssh logins will succeed,
you can instead use OpenSSH?s CA certificate signing of pubkeys method, with the
signature expiring at the very second you want it to expire.

Facebook engineering had a pretty good article about it recently:
https://engineering.fb.com/security/scalable-and-secure-access-with-ssh/

--
Jonathan Billings <billings at negate.org>