hey guys skip to tech parker here today i want to talk about password aging in linux now this is a pretty simple process it’s a one command that has a few switches that will allow you to set the password expiration and the various rules that go along with that so to start off the first thing you’ll obviously want to be able to do is actually look at what the password expiration policy is for a user so to do that we’re going to use sudo ch dash lowercase l and the user we’re looking at as always we’re working with the user tech marker this is the defaults for centos and rail password never expires password never goes inactive account never expires password can be changed at any time and there’s a warning of seven days before the password does in fact expire most companies are going to ask you to set a 90-day expiration policy for a user to do that we’re going to use chh dash capital m that’s for maximum number of days and we’re going to set that to 90 for techmarker now you’ll see the password will now expire on january 31st 2021 and the maximum number of days between password change is now 90. the next thing you may want to be able to set is the minimum number of days after a password has changed before it can be changed again the default is zero so it can be changed at any point but you may want to set that to one day to prevent a user from just constantly changing a password over and over again to do that we’re going to use chh lowercase m for a minimum i want to say one and take marker now you notice the minimum number of days after a password change before it can be changed again is one day this is a good practice if for no other reason it can really help cut on cut down on help desk calls next we want to look at the number of days after a password expires before it goes in active okay so by default it doesn’t but let’s say i get my company we want to go 30 days before or after the expiration and the password before the account actually goes inactive so let’s say c h dash capital i for inactive
- and i’m gonna say this is protect marker now you’ll notice that the password will expire on january 31st and the password will go into an inactive status on march 2nd 30 days after another thing you may run into is setting an actual account expiration let’s say you have a contractor working and they have a set day that their they’re done and should no longer have access to the system if you don’t set this you know it may be something that gets forgotten and the account stays out there it happens you set an expiration though the account will expire on the specified date so to do that we’re going to say tech barker is expiring at the end of the year you need to specify the date in year year year year dash month month day day now you’ll notice tech barker’s account expires december 31st 2020 just like we said it one last thing we want to change is or learn about is the number of days of warning before a password expires the default is seven but let’s say in some instances you may need more than seven so we’re going to say we’re going to set this to 10. we’ll use chh dash capital w for warning i’m gonna give 10 days and set this protect marker now you’ll notice the number of days of warning before password expires is set to 10. and that should do it for today be sure to leave comments below anything you’d like to see or any questions you might have and be sure also be sure to like and subscribe and i’ll see you next time