Configuring Password Ageing
Invalidate a user's password after a specified period.
/etc/login.defs file:
| Setting | Description |
|---|---|
|
|
Maximum number of days a password can be used before it must be changed. The default value is 99,999 days. |
|
|
Minimum number of days allowed between password changes. The default value is 0 days. |
|
|
Number of days before a password expires that a warning is displayed. The default value is 7 days. |
For more information, see the login.defs(5) manual page.
To change how long a user's account can be inactive before it's locked, use the usermod command. For example, to set the inactivity period to 30 days:
sudo usermod -f 30 username
To change the default inactivity period for new user accounts, use
the useradd command:
sudo useradd -D -f 30A value of -1 specifies that user accounts aren't locked because of inactivity.
For more information, see the useradd(8) and
usermod(8) manual pages.