Essential Guide to Configuring Linux Password Policies

The Linux system provides a powerful password management mechanism that can effectively enhance server security. Below, we will introduce how to set password complexity rules and expiration times.

1. Setting Password Complexity Rules

1. Using the PAM pam_pwquality Module

Edit the /etc/pam.d/system-auth or /etc/pam.d/common-password file and add the following line:

password    required    pam_pwquality.so minlen=10 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1

Parameter Explanation:

  • minlen=10 – The minimum password length is 10 characters
  • ucredit=-1 – Must contain at least 1 uppercase letter
  • lcredit=-1 – Must contain at least 1 lowercase letter
  • dcredit=-1 – Must contain at least 1 digit
  • ocredit=-1 – Must contain at least 1 special character

2. Prohibiting the Use of Old Passwords

Add the following in the same file:

password    required    pam_unix.so sha512 shadow try_first_pass remember=5

remember=5 means that the last 5 passwords a user has used cannot be reused.

3. Setting Password Expiration Policy

Edit the /etc/login.defs file:

PASS_MAX_DAYS   90    # Maximum password usage days
PASS_MIN_DAYS   7     # Minimum days between password changes
PASS_WARN_AGE   7     # Start warning 7 days before password expiration

2. Setting Expiration Time for Existing Users’ Passwords

1. Modifying a Single User

# Set password to expire after 90 days
chage -M 90 username

# Require at least 7 days between password changes
chage -m 7 username

# Set reminder 7 days before expiration
chage -W 7 username

# Force user to change password on next login
chage -d 0 username

2. Checking User Password Status

chage -l username

3. Verifying Password Policies

  1. Create a test user and set a password to verify complexity requirements
  2. Use chage -l to check password expiration information
  3. Test login behavior after password expiration
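
The PASS_* values in /etc/login.defs are applied when an account is created, so existing accounts keep their old aging fields until chage is run on them. The following added example (not part of the original guide) lists accounts whose shadow(5) aging fields deviate from the values used above; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list accounts whose aging
# fields in shadow(5) format deviate from the values used in this guide.

# audit_aging [FILE] [MAX] [MIN] [WARN]; FILE defaults to stdin ("-").
# Output: one "user field=value" line per deviation.
audit_aging() {
    awk -F: -v max="${2:-90}" -v min="${3:-7}" -v warn="${4:-7}" '
        # shadow(5) fields: 1=name 2=hash 3=lastchg 4=min 5=max 6=warn
        /^#/ || NF < 6 { next }    # comments and malformed lines
        $2 ~ /^[!*]/   { next }    # locked accounts cannot log in by password
        $5 == "" || $5 + 0 > max  { print $1, "max=" ($5 == "" ? "unset" : $5) }
        $4 == "" || $4 + 0 < min  { print $1, "min=" ($4 == "" ? "unset" : $4) }
        $6 == "" || $6 + 0 < warn { print $1, "warn=" ($6 == "" ? "unset" : $6) }
        $3 == "0" { print $1, "change-required" }   # state left by chage -d 0
    ' "${1:--}"
}

# Constructed sample records; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$placeholder:19800:7:90:7:::
alice:$6$placeholder$placeholder:19000:0:99999:7:::
bob:$6$placeholder$placeholder:0:7:90:3:::
svc_backup:!:19000:0:99999:7:::
EOF
}

sample_shadow | audit_aging
```

On a real host, run audit_aging /etc/shadow as root, then correct each reported account with the chage options shown earlier.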

4. Considerations

  • The PAM configuration file locations may vary across different Linux distributions
  • Password policies only apply to newly set passwords
  • It is recommended to use the SHA512 password hashing algorithm
