環境redhat 5和redhat 6
問題:想寫個shell腳本自動提醒用戶密碼過期
在查看/etc/login.def 和chage 命令后,發現一個問題:/etc/login.def 中的密碼過期設置PASS_MAX_DAYS即使改了,chage命令查看和/etc/shadow文件中的過期時間也是never,沒有跟着一起變化。但是如果此時新建一個用戶,該用戶會使用新的login.defs參數。
然后重啟操作系統,依舊沒有變化。
看到一個帖子,有原因說明:
At this point you may be wondering how to get the system to automatically force users to change their password after some period of time. This is not actually the job of pam_cracklib. Instead, these parameters are set in the /etc/login.defs file on most Linux systems. PASS_MAX_DAYS is how often users have to change their passwords. PASS_MIN_DAYS is how long a user is forced to live with their new password before their allowed to change it again. PASS_WARN_AGE is the number of days before the password expiration date that the user is warned that their password is about to expire. The choice of values for these parameters is entirely dependent on site policy.
Note that these parameters are only applied to new accounts created with the default system useradd program. If you use some other mechanism for creating accounts on the system, then you'll have to use the chage command (this is not a typo) to manually set these parameters on your user accounts. And if you use a naming service such as LDAP or NIS for account management, then you're completely on your own.
By the way, if you've ever wondered what all those extra fields in the /etc/shadowfile were for, the answer is that they store the password expiration/aging information for the user.