LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   PAM password aging controls for individual accounts in RHEL 6.x (https://www.linuxquestions.org/questions/linux-security-4/pam-password-aging-controls-for-individual-accounts-in-rhel-6-x-4175493832/)

CJWillman 02-05-2014 12:46 PM
PAM password aging controls for individual accounts in RHEL 6.x
 
I am using PAM on Redhat Enterprise Linux 6.4. Everything is configured and operating correctly for password aging, length, complexity, etc. but I have recently run into a situation where a number of service accounts are required to keep their password. We have increased the minimum password length to address our policy requirements to allow this, however, I am trying to just shut off the aging requirement for these accounts. I would like to know if there is a way to control password aging differently for specific users or groups. Anyone have any ideas on how to do this or if it is even possible?

Thanks for your time,
Chris

MensaWater 02-05-2014 01:52 PM
Have a look at the "chage" command.

From man page on RHEL6:
Quote:
-E, --expiredate EXPIRE_DATE
Set the date or number of days since January 1, 1970 on which the
userīs account will no longer be accessible. The date may also be
expressed in the format YYYY-MM-DD (or the format more commonly
used in your area). A user whose account is locked must contact the
system administrator before being able to use the system again.

Passing the number -1 as the EXPIRE_DATE will remove an account
expiration date.

CJWillman 02-05-2014 02:34 PM
Thanks
 
Thanks for the help. I was thinking with tunnel vision and really only looking within PAM. I tried the chage -E but that made the account itself not expire. Instead I used chage -M 99999 <username> and I think that will do what I need.

Chris


All times are GMT -5. The time now is 05:08 PM.