Pages

Sunday, April 16, 2017

Purpose of Login.Defs file

Linux set default password expiry for all new users
by VIVEK GITE on APRIL 30, 2006 last updated NOVEMBER 29, 2007

Under Linux password related utilities and config file(s) comes from shadow password suite. The /etc/login.defs file defines the site-specific configuration for this suite. This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace.

You need to set default password expiry using /etc/login.defs file (password aging controls parameters):

PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected
PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.
Open file /etc/login.defs using text editor:
# vi /etc/login.defs

Setup (sample) values as follows:
PASS_MAX_DAYS 30
PASS_MIN_DAYS 1
PASS_WARN_AGE 7

No comments:

Post a Comment