Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ How to forcibly change the Linux system password on a regular basis     - Android source code compiled fatal error solutions (Programming)

- Detailed installation OpenCV2.3.1 under CentOS 6.5 (Linux)

- CentOS replaces update source and Linux kernel compilation summary (Linux)

- Java filter (Programming)

- Install minimize RHEL / CentOS 7 things to do (Linux)

- MySQL import large amounts of data (Database)

- Spring MVC Exception Handling (Programming)

- Elasticsearch 2.20 Beginners: aggregation (Server)

- Linux non-graphical interface to install Oracle Database (Database)

- Linux System Getting Started Tutorial: How to Force Change your password at next logon Linux (Linux)

- Installation CD audio file extraction tool Flacon (Linux)

- ORA-00600 error solve one case (Database)

- VMware virtual machine can not start VMnet0 no Internet access and other issues (Linux)

- installation and configuration of the PHP environment (Apache2) under Linux (Server)

- Java memory area and memory overflow exception (Programming)

- MySQL binary packages install for RedHat Linux Enterprise 6.4 (Database)

- ApacheDS configuration of users and user groups to achieve SSO (Server)

- How to Install Winusb in Ubuntu 14.04 (Linux)

- CentOS 6.5 installation VNCServer implement graphical access (Server)

- Hutchison DG standby database CPU consumption reached bottleneck repair (Database)

 
         
  How to forcibly change the Linux system password on a regular basis
     
  Add Date : 2018-11-21      
         
         
         
  Linux password aging mechanism is a system used to enforce password expire after a certain length of time. For users, this may bring some trouble, but it ensures that the password be changed regularly, it is a good safety measure. By default, most Linux-packing version does not open the password aging, but the order to open it is very simple.

By editing /etc/login.defs, you can specify a few parameters to set the default password setting effective:

PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_WARN_AGE 7

When password aging set number of days 99999, in fact, equivalent to close the password aging. A more sensible set is generally 60 days - forced to change their passwords every two months.

PASS_MIN_DAYS parameter is set in the password change after this, the next time allows for a minimum number of days before changing the password needed. PASS_WARN_AGE setting specifies the number of days before password expiration began to notify the user to change the password (usually the user login system will receive just a warning notice).

You will also edit the / etc / default / useradd file, look for INACTIVE and EXPIRE two key words:

INACTIVE = 14

EXPIRE =

This will indicate how long a time, if the password does not change, it will fail to account for changes in the state after the password expiration. In this case, the time is 14 days. The EXPIRE setting is used for all new users to set a password expiration clear time (specifically the format of "year - month - date").

Obviously, after these settings changes, can only affect the newly created user. To modify the current existing user specific settings, you need to use the chage tool.

# Chage -M 60 joe

This command will set the user joe PASS_MAX_DAYS 60, and modify the corresponding shadow file.

You can use the chage -l option, lists the current account aging, the use -m options are set PASS_MIN_DAYS, with -W is set PASS_WARN_AGE, and so on. chage tool allows you to modify a particular account of all password aging state.

Note that, chage apply only to the local system account, if you are using a similar authentication system such as LDAP, the tool will fail. If you are using LDAP for authentication, and you intend to use the chage, then, even just trying to list the timeliness of information the user password, you will find chage simply does not work.

Develop a strategy to define how long a password must be changed, then the enforcement of the policy is a very good practice. After the dismissal of an employee, password aging policy will ensure that the employee can not be fired in three months and found his password is still available. Even if the system administrator to delete his account ignores the account due to password aging policy will be automatically locked. Of course, this is no reason for not promptly remove the employee's account, but this strategy does provide an extra layer of security, especially in the past often ignored the account cleared up the case.
     
         
         
         
  More:      
 
- Hadoop configuration ssh automation of automation (Server)
- MySQL partition table Comments (Database)
- Android judgment toward camera pictures (Programming)
- After the first remote installation GlassFish Web to remotely access their back office management system error solution appears (Server)
- JavaScript common functions summary (Programming)
- Large site architecture study notes (Server)
- Python Dir find a folder several files (Programming)
- Ftp user to create multiple virtual machines to support different access rights Examples (Server)
- Java NIO2: Buffer (Programming)
- How to find out a Unix system library files are 32-bit or 64-bit (Linux)
- Use Bosh deploy CloudFoundry problems encountered on OpenStack (Server)
- Linux remote connectivity tools -OpenSSH (Linux)
- Linux command ls (Linux)
- Source code to compile and install MySQL 5.7.9 (Database)
- How to deploy Icinga client (Server)
- SVN hook code set to synchronize Web directory (Server)
- Linux, how to filter, split, and merge pcap file (Linux)
- C + + secondary pointer memory model (pointer array) (Programming)
- Java regular expression syntax (Programming)
- MyCAT easy entry (Database)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.