• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

RHEL 7 – RHCSA Notes : Change passwords and adjust password aging for local user accounts

By admin

RHEL 7 – RHCSA Notes (Cheat Sheets)

Password configuration

password aging requires users to change their password periodically. Use the chage to configure password expiration. The syntax is :

# chage [options] user_name

– When you fire the command chage, the currently set options are displayed as well.

# chage oracle
Changing the aging information for oracle
Enter the new value, or press ENTER for the default

	Minimum Password Age [14]:
	Maximum Password Age [30]:
	Last Password Change (YYYY-MM-DD) [2016-08-23]:
	Password Expiration Warning [7]:
	Password Inactive [-1]:
	Account Expiration Date (YYYY-MM-DD) [1969-12-31]:

Password expiration information is stored in /etc/shadow file.

# grep oracle /etc/shadow
oracle:$6$H28sLVDL$iNvp/AvbMeqqrslH2bfmTxJpE6.mO8UNzlIXGB3sp87jZP9dW1DxeoLf2QXR7hkLkomuXbtgO1zPKUEYRY8YI1:15284:14:30:7:::

As shown above the oracle user has minimum password age of 14 and maximum password age of 30 – It means that in 14 days the user will have 30 days to change the password. Also the user is warned to change the password 7 days prior to password expiry date.

chage options

Number of options are available in chage command. To list aging information :

# chage -l geek
Last password change					: Sep 18, 2016
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

To force a user to set a new password immediately (force immediate expiration), set the last password change value to 0 :

# chage –d 0 geek

authconfig

The Linux user password hashing algorithm is also configurable. Use the authconfig command to determine the current algorithm being used, or to set it to something different. To determine the current algorithm:

# authconfig --test | grep hashing
 password hashing algorithm is sha512

To change the algorithm, use the –passalgo option with one of the following as a parameter: descrypt, bigcrypt, md5, sha256, or sha512, followed by the –update option.

# authconfig --passalgo=md5 --update

/etc/login.defs file

/etc/login.defs file provides default user account settings. Default values include:

  • Location of user mailboxes
  • Password aging controls
  • Values for automatic UID selection
  • Values for automatic GID selection
  • User home directory creation options
  • umaskvalue
  • Encryption method used to encrypt passwords

Sample /etc/login.defs file :

# cat /etc/login.defs
.....
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7
......
GID_MIN                  1000
GID_MAX                 60000
.....
UID_MIN                  1000
UID_MAX                 60000

Filed Under: CentOS/RHEL 7, RHCSA notes

Some more articles you might also be interested in …

  1. CentOS / RHEL 7 : How to rename the volume group for root and swap
  2. Understanding iscsiadm Utility in CentOS / RHEL
  3. CentOS / RHEL 7 : How to set date, time / NTP and timezone using timedatectl
  4. CentOS / RHEL : How to Enable SSL For Apache
  5. CentOS / RHEL 7 : Booting process
  6. CentOS / RHEL 7 firewalld : Command line reference (Cheat Sheet)
  7. How to Convert Ext File Systems to Btrfs
  8. “Bad id for repo: My Repo, byte = 2” yum update error
  9. CentOS / RHEL 7 : How to check the status of a service using systemd
  10. Understanding RPM Versions and Naming Schemes

You May Also Like

Primary Sidebar

Recent Posts

  • How to Disable IPv6 on Ubuntu 18.04 Bionic Beaver Linux
  • How to Capture More Logs in /var/log/dmesg for CentOS/RHEL
  • Unable to Start RDMA Services on CentOS/RHEL 7
  • How to rename a KVM VM with virsh
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary