We can apply password policy through graphical user administration tool, but I would suggest to use command line tool to change password policy. To change password policy through command line in Linux, we just have to edit /etc/login.defs file. Only root user can edit this file.
When useradd command used a user is created and then useradd binary now proceeds with the process of user creation and goes to the /etc/login.defs file to get following values from the file :
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
UID_MIN 500
UID_MAX 60000
GID_MIN 500
GID_MAX 60000
CREATE_HOME yes
|
Description : -
-----------
1. MAIL_DIR: Directory where the user's mail will be stored.
-----------
1. MAIL_DIR: Directory where the user's mail will be stored.
2. PASS_MAX_DAYS: Maximum number of days for the validity of a password.
3. PASS_MIN_DAYS: Minimum number of days gap before a password can be changed again.
4. PASS_MIN_LEN: Minimum required length of a password.
5. PASS_WARN_AGE: Warning for password expiry to be given before the stipulated number of days.
6. UID_MIN: Minimim value for automatic user id selection.
7. UID_MAX: Maximum value for automatic user id selection.
8. GID_MIN: Minimum value for automatic group id selection.
9. GID_MAX: Maximum value for automatic group id selection.
10. CREATE_HOME: Whether useradd should create home directories for users .
If we change these values in /etc/login.defs file, when new user is created, the user will hold the new values.
No comments:
Post a Comment