Set Password Expiration for Linux Accounts

By | 2011/03/19

For security, it is good to enforce password expiration. Here’s how you do it in Linux.

Edit the file /etc/login.defs:

sudo nano /etc/login.defs

Here you can specify options for password expiration:

PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 14
PASS_WARN_AGE 7

Max Days: maximum number of days a password may be used before it must be changed
Min Days: minimum number of days a user must wait before changing the password again
Min Len: minimum password length accepted
Warn Age: number of days of warning users get before their password expires


Note: The values in /etc/login.defs are applied when an account is created. To apply them to an existing user, you must run the chage command manually:

sudo chage -M 90 -m 7 -W 7 username

And lastly, you can verify a user’s expiration settings by issuing:

chage -l username
$ chage -l stmiller
Last password change					: Jan 27, 2011
Password expires					: May 26, 2011
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 1
Maximum number of days between password change		: 90
Number of days of warning before password expires	: 7

Sweet!
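Since existing accounts keep their old aging values until chage is run, it helps to list which ones are out of policy. The script below is an added example, not part of the original post: the function name audit_shadow_aging is hypothetical, the sample lines are constructed, and the default thresholds are the 90/7/7 values used above.

```shell
#!/bin/sh
# Added example: report accounts whose password-aging fields do not meet
# the policy from this post (max 90, min 7, warn 7 by default).
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

audit_shadow_aging() {
    # Reads shadow-format lines on stdin.
    # Optional arguments: $1 = max days, $2 = min days, $3 = warn days.
    awk -F: -v pmax="${1:-90}" -v pmin="${2:-7}" -v pwarn="${3:-7}" '
        # Locked or disabled accounts have no usable password: skip them.
        $2 ~ /^[!*]/ { next }
        {
            why = ""
            if ($5 == "" || $5 + 0 > pmax)  why = why " max="  ($5 == "" ? "unset" : $5)
            if ($4 == "" || $4 + 0 < pmin)  why = why " min="  ($4 == "" ? "unset" : $4)
            if ($6 == "" || $6 + 0 < pwarn) why = why " warn=" ($6 == "" ? "unset" : $6)
            if (why != "") print $1 ":" why
        }
    '
}

# Constructed sample data (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hashA:15000:0:99999:7:::
alice:$6$constructed$hashB:15000:7:90:7:::
bob:$6$constructed$hashC:15000:1:90:7:::
daemon:*:15000:0:99999:7:::
carol:!$6$constructed$hashD:15000:0:99999:7:::
EOF
}

demo() {
    sample_shadow | audit_shadow_aging
}

demo
```

On a live system, feed the function /etc/shadow as root instead of the sample data; each user it reports is a candidate for the chage command shown earlier.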
