0

I want to set the maximum number of days a password can be used. So I configured PASS_MAX_DAYS in /etc/login.defs, and PASS_WARN_AGE to warn the user before the password expires. In my example, I set PASS_MAX_DAYS = 2 and PASS_WARN_AGE = 1. So the password will expire in two days, and I will get a warning that the password is expiring in 1 day.

So my configuration in /etc/login.defs is:

    PASS_MAX_DAYS   2
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    8
    PASS_WARN_AGE   1

But the problem is, when the 2 days are up, I get this warning:

Warning: your password will expire in 0 days

But I can still log in with my old password, and the system doesn't force me to change the password. Besides, the password is not that of the root account.

Why doesn't the system force me to change the password when the expiry day comes? How do I configure the system so that the password maximum days take effect? Could anyone help me with this? Thanks!

gravyface
zhaojing

1 Answer

4

Did you create the account before or after you made the changes to the login.defs file? If it was after, then you still need to change the account data using chage:

chage -M 2 -m 0 -W 1 username

You may want to check /etc/default/useradd as well and change the INACTIVE= to 2

Prix
  • The account was created just after I modified /etc/login.defs. Do you mean that even though I modified /etc/login.defs, I still have to use the command `chage -M 2 -m 0 -W 1 username`? – zhaojing Oct 08 '10 at 03:08
  • I wonder, if I still have to use the command `chage -M 2 -m 0 -W 1 username` (I believe it will take effect), what effect does /etc/login.defs have? It seems login.defs doesn't take effect even after it is changed. – zhaojing Oct 08 '10 at 03:12
  • I am not sure, but you can verify it by typing `chage -l username`, which will list the current information for the username. For more information, use `chage --help` to list the available options. – Prix Oct 08 '10 at 03:14
  • Prix, I finally found the way to solve the problem: create the account with `useradd -f 0 USERNAME`. (It specifies the number of days after a password expires until the account is permanently disabled.) After that, when the expiry day comes, the account will never be able to log in. It seems password expiry and account expiry are not the same thing. Thanks for your help! – zhaojing Oct 08 '10 at 05:23
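
An added example, not part of the original thread: a check that compares each account's aging fields in a shadow-format file with the PASS_* values in login.defs and prints the `chage` command for every account that differs, including the inactivity field that `useradd -f` and `INACTIVE=` set. The names `audit_aging` and `demo`, the third argument (the inactivity value you expect) and the four sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). audit_aging is a hypothetical
# helper: it compares each account's shadow aging fields with login.defs and
# prints the chage command that would align a mismatching account.
# usage: audit_aging LOGIN_DEFS SHADOW_FILE INACTIVE_DAYS
audit_aging() {
    awk -F: -v inact="$3" '
        FNR == NR {                          # first file: login.defs
            sub(/^[ \t]+/, "")
            n = split($0, kv, /[ \t]+/)
            if (n >= 2 && kv[1] ~ /^PASS_(MAX_DAYS|MIN_DAYS|WARN_AGE)$/)
                pol[kv[1]] = kv[2]
            next
        }
        $2 == "" || $2 ~ /^[!*]/ { next }    # no usable password: skip
        {                                    # shadow: 4=min 5=max 6=warn 7=inactive
            f7 = ($7 == "" ? -1 : $7)        # empty inactive field means "never"
            if ($4 != pol["PASS_MIN_DAYS"] || $5 != pol["PASS_MAX_DAYS"] ||
                $6 != pol["PASS_WARN_AGE"] || f7 != inact)
                printf "chage -M %s -m %s -W %s -I %s %s\n", pol["PASS_MAX_DAYS"],
                       pol["PASS_MIN_DAYS"], pol["PASS_WARN_AGE"], inact, $1
        }
    ' "$1" "$2"
}

# Constructed sample data: the thread's policy plus four made-up accounts.
demo() {
    d=$(mktemp -d)
    cat > "$d/login.defs" <<'EOF'
PASS_MAX_DAYS   2
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   1
EOF
    cat > "$d/shadow" <<'EOF'
root:*:14889:0:99999:7:::
olduser:$6$constructed:14889:0:99999:7:::
newuser:$6$constructed:14890:0:2:1:::
strict:$6$constructed:14890:0:2:1:0::
EOF
    audit_aging "$d/login.defs" "$d/shadow" 0
    rm -rf "$d"
}
demo
```

On a real host the second argument would be /etc/shadow, read as root; the printed commands are suggestions to review, not something the script runs.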