James's Ramblings

Linux Passwords

Created: January 15, 2020

chage

Use the chage command to manipulate password aging on a per user basis.

/etc/login.defs

  • Configure aging and length for the entire system in /etc/login.defs.
  • There are four relevant fields starting with PASS_.
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

/etc/default/useradd

  • Configure new user accounts to expire in /etc/default/useradd.
INACTIVE=3		# the number of days after a password expires until the account is permanently disabled
EXPIRE=2019-02-01	# set password expiry to a specific date
  • Passwords do not expire by default as per the MAX_DAYS 99999 in /etc/login.defs.

pam_pwquality

  • Password strength is configured using pam_pwquality.
  • man pam_pwquality.