For security, it is good to enforce password expiration. Here’s how you do it in Linux.
Edit the file /etc/login.defs:
sudo nano /etc/login.defs
Here you can specify options for password expiration:
PASS_MAX_DAYS 90 PASS_MIN_DAYS 7 PASS_MIN_LEN 14 PASS_WARN_AGE 7
Max Days: maximum life of a password
Min Days: prevent a second change again for X days
Min Len: Minimum password length accepted
Warn Age: Give users X days of warning before expiration
Note: To put in changes for an existing user, you must run chage command manually:
sudo chage -M 90 -m 7 -W 7 username
And lastly, you can verify a user’s expiration settings by issuing:
chage -l username
$ chage -l stmiller Last password change : Jan 27, 2011 Password expires : May 26, 2011 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7
Sweet!
