Saturday, 31 March 2018

How to Set Password Policy on CentOS7/RHEL7



Password Policy for user accounts is one of the most important parts in Server Administration. The maximum number of days allowed, minimum number of days allowed, and number of warning days before the password expires refers to password aging, same as the number of characters needed to have for the password to be allowed refers to password length. Centos 7, Red Hat 7 and most of Linux distribution is the ability to manage and implement the password policies. 


This setting impact only when creating new user only and this will not impact existing users.

Configure Password Policy – Aging and Length:

Edit the below parameter in file /etc/login.def as below:

[root@linuxcnf ~]# vi /etc/login.defs
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS     35
PASS_MIN_DAYS      0
PASS_MIN_LEN         8
PASS_WARN_AGE    7

Save and close the file. Now the users can’t use less than 8 characters for their password and never use one password more than 35 days.

No comments:

Post a comment