Chinaunix首页 | 论坛 | 博客
  • 博客访问: 398043
  • 博文数量: 36
  • 博客积分: 1998
  • 博客等级: 上尉
  • 技术积分: 486
  • 用 户 组: 普通用户
  • 注册时间: 2006-08-23 13:48
文章分类

全部博文(36)

文章存档

2012年(11)

2011年(13)

2010年(12)

分类: LINUX

2010-05-26 16:50:17

在Redhat Linux 5.3中修改login.defs的参数在此之后新增的帐号才会生效,之前的用户不生效修改后的参数。
例如,/etc/login.defs中PASS_MAX_DAYS 30(表示强制30天要修改密码),新建一个monitor用户
在/etc/shadow中可以看到如下
monitor:XXXXXXXXXXXXX:23456:0:30:7:::  其中倒数第二个数字30表示强制30天修改
将/etc/login.defs中的PASS_MAX_DAYS改为90,再查看/etc/shadow,依然不会有变化。
用chage -l monitor查看,也不会有变化。但是如果此时新建一个用户,该用户会使用新的login.defs参数。
 
 
中有写到:
Password Expiration

At this point you may be wondering how to get the system to automatically force users to change their password after some period of time. This is not actually the job of pam_cracklib. Instead, these parameters are set in the /etc/login.defs file on most Linux systems. PASS_MAX_DAYS is how often users have to change their passwords. PASS_MIN_DAYS is how long a user is forced to live with their new password before their allowed to change it again. PASS_WARN_AGE is the number of days before the password expiration date that the user is warned that their password is about to expire. The choice of values for these parameters is entirely dependent on site policy.

Note that these parameters are only applied to new accounts created with the default system useradd program. If you use some other mechanism for creating accounts on the system, then you'll have to use the chage command (this is not a typo) to manually set these parameters on your user accounts. And if you use a naming service such as LDAP or NIS for account management, then you're completely on your own.

By the way, if you've ever wondered what all those extra fields in the /etc/shadow file were for, the answer is that they store the password expiration/aging information for the user.

阅读(9798) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~