• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

RHEL 7 – RHCSA Notes : Change passwords and adjust password aging for local user accounts

by admin

RHEL 7 – RHCSA Notes (Cheat Sheets)

Password configuration

password aging requires users to change their password periodically. Use the chage to configure password expiration. The syntax is :

# chage [options] user_name

– When you fire the command chage, the currently set options are displayed as well.

# chage oracle
Changing the aging information for oracle
Enter the new value, or press ENTER for the default

	Minimum Password Age [14]:
	Maximum Password Age [30]:
	Last Password Change (YYYY-MM-DD) [2016-08-23]:
	Password Expiration Warning [7]:
	Password Inactive [-1]:
	Account Expiration Date (YYYY-MM-DD) [1969-12-31]:

Password expiration information is stored in /etc/shadow file.

# grep oracle /etc/shadow
oracle:$6$H28sLVDL$iNvp/AvbMeqqrslH2bfmTxJpE6.mO8UNzlIXGB3sp87jZP9dW1DxeoLf2QXR7hkLkomuXbtgO1zPKUEYRY8YI1:15284:14:30:7:::

As shown above the oracle user has minimum password age of 14 and maximum password age of 30 – It means that in 14 days the user will have 30 days to change the password. Also the user is warned to change the password 7 days prior to password expiry date.

chage options

Number of options are available in chage command. To list aging information :

# chage -l geek
Last password change					: Sep 18, 2016
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

To force a user to set a new password immediately (force immediate expiration), set the last password change value to 0 :

# chage –d 0 geek

authconfig

The Linux user password hashing algorithm is also configurable. Use the authconfig command to determine the current algorithm being used, or to set it to something different. To determine the current algorithm:

# authconfig --test | grep hashing
 password hashing algorithm is sha512

To change the algorithm, use the –passalgo option with one of the following as a parameter: descrypt, bigcrypt, md5, sha256, or sha512, followed by the –update option.

# authconfig --passalgo=md5 --update

/etc/login.defs file

/etc/login.defs file provides default user account settings. Default values include:

  • Location of user mailboxes
  • Password aging controls
  • Values for automatic UID selection
  • Values for automatic GID selection
  • User home directory creation options
  • umaskvalue
  • Encryption method used to encrypt passwords

Sample /etc/login.defs file :

# cat /etc/login.defs
.....
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7
......
GID_MIN                  1000
GID_MAX                 60000
.....
UID_MIN                  1000
UID_MAX                 60000

Filed Under: CentOS/RHEL 7, RHCSA notes

Some more articles you might also be interested in …

  1. How to enable SFTP Logging without chroot in CentOS/RHEL
  2. CentOS / RHEL 7 : How to boot into Rescue Mode or Emergency Mode
  3. How to Stop SSH Session From Getting Timed Out
  4. Where to find ASMLib / oracleasm RPMs for CentOS/RHEL, SUSE, OEL
  5. Beginners guide to Device Mapper (DM) multipathing
  6. How to control resource (cgroup) with systemd for user process group in CentOS/RHEL 7
  7. How to connect to an Active Directory Domain using Realmd (Configure CentOS/RHEL 7 as active directory client)
  8. How to run rsyslog as a non-root user in CentOS/RHEL 7
  9. How to install an RPM package into a different directory in CentOS/RHEL/Fedora
  10. Time goes out of sync on a node running CentOS/RHEL 7

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright