Saturday, 2 September 2017

How to Set Password Policy in /etc/login.defs on Centos/RHEL



The password aging controls and password length are defined in /etc/login.defs file. The password policy required to defining the number of days a password is valid, minimum length of a password, the strength of a password, and number of warning days before the password expires. To apply password policy, edit /etc/login.defs file and set PASS values.


PN: - The password policy affect only newly created users, do not impact to existing users.

Here is a list of default password policy that we typically set in /etc/logins.defs. Use the below command to check the existing password policy in /etc/login.defs:

[root@linuxcnf ~]# cat /etc/login.defs |grep PASS|grep -v password
PASS_MAX_DAYS     99999
PASS_MIN_DAYS      0
PASS_MIN_LEN         5
PASS_WARN_AGE    7
[root@linuxcnf ~]#

To configure password policy, open /etc/login.defs file and modify values as below:

[root@linuxcnf ~]# vi /etc/login.defs

PASS_MAX_DAYS   30
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   7

To verify the parameters value use below command:

[root@linuxcnf ~]# cat /etc/login.defs |grep PASS|grep -v password
PASS_MAX_DAYS   30
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
PASS_WARN_AGE   7
[root@linuxcnf ~]#

You have done!

No comments:

Post a comment