环境redhat 5和redhat 6
问题:想写个shell脚本自动提醒用户密码过期
在查看/etc/login.def 和chage 命令后,发现一个问题:/etc/login.def 中的密码过期设置PASS_MAX_DAYS即使改了,chage命令查看和/etc/shadow文件中的过期时间也是never,没有跟着一起变化。但是如果此时新建一个用户,该用户会使用新的login.defs参数。
然后重启操作系统,依旧没有变化。
看到一个帖子,有原因说明:
At this point you may be wondering how to get the system to automatically force users to change their password after some period of time. This is not actually the job of pam_cracklib. Instead, these parameters are set in the /etc/login.defs file on most Linux systems. PASS_MAX_DAYS is how often users have to change their passwords. PASS_MIN_DAYS is how long a user is forced to live with their new password before their allowed to change it again. PASS_WARN_AGE is the number of days before the password expiration date that the user is warned that their password is about to expire. The choice of values for these parameters is entirely dependent on site policy.
Note that these parameters are only applied to new accounts created with the default system useradd program. If you use some other mechanism for creating accounts on the system, then you'll have to use the chage command (this is not a typo) to manually set these parameters on your user accounts. And if you use a naming service such as LDAP or NIS for account management, then you're completely on your own.
By the way, if you've ever wondered what all those extra fields in the /etc/shadowfile were for, the answer is that they store the password expiration/aging information for the user.