Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

9/12/2006

A Rare Treat

Filed under: Career Archive,Criticism, Marginalia, and Notes,Fun Work,Geek Work,Linux — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:54 am for you boring, normal people.
The moon is Waning Gibbous

Today, I bring you an actual technical tip.

Sadly, it’s not a tip I bring to you via actual experience, but via a regular e-mail I get from the fine folks at TechRepublic. Among the many e-mail news updates I get, they send me a Linux “tech note” filled with helpful information. Today’s was particularly useful, or would be if I were still actively using Linux at work. In the Windows world, a standard setting is to have the Windows password expire every so often, forcing users to create new ones. This usually prompts them to throw out their old yellow sticky note stuck to the bottom of their keyboard, too, but that’s just a side effect of improved security. Now, thanks to this article, you can enable password aging on Linux, too.

Before you start creating users, edit the /etc/login.defs file. Change the following settings:

PASS_MAX_DAYS   99999

(Change this from 99,999 days to something more like 60 or 90. That will force users to change their password more often.)

PASS_MIN_DAYS   0

(Normally, you wouldn’t need to change this.)

PASS_WARN_AGE   7

(This gives them a full week of warnings to change their password. You know your users, but I think “less is more”. Five days should be more than enough.)

You will also want to edit the /etc/default/useradd file, looking for the INACTIVE and EXPIRE keywords:

INACTIVE=14

(This makes an account whose password has expired go “inactive” after two weeks. That’s a week of warnings and a week of not working. Should be plenty.)

EXPIRE=

(This sets a specific date for an account to “time out”, regardless of when the password was set. Normally, I’d leave that alone, but if you really want to set it, it’s done in the format YYYY-MM-DD.)

That should get you through most “normal” situations, but if you’ve already got existing users or want more information, read the article at TechRepublic.
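
The values in /etc/login.defs are defaults applied when an account is created, so accounts that already exist keep whatever aging fields are in /etc/shadow. The script below is an added example, not from the original post or the TechRepublic article: it reads PASS_MAX_DAYS from a login.defs-style file and lists accounts in a shadow-format file whose maximum password age is unset or above that limit. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare existing accounts against the PASS_MAX_DAYS policy.
# Function names are hypothetical; all sample data below is constructed.

# Print the value of KEY from a login.defs-style file (last uncommented match wins).
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print "user max" for each account in a shadow-format file that has a usable
# password and a maximum age (field 5) that is empty or greater than LIMIT.
accounts_over_limit() {
    awk -F: -v limit="$2" '
        $2 ~ /^[!*]/ { next }    # locked, or password login disabled
        $5 == "" || $5 + 0 > limit + 0 { print $1, ($5 == "" ? "never" : $5) }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/login.defs" <<'EOF'
# constructed sample of /etc/login.defs
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   5
EOF
    # Fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved
    cat > "$tmp/shadow" <<'EOF'
root:$6$constructed$hash:13400:0:99999:7:::
alice:$6$constructed$hash:13400:0:90:5:14::
bob:$6$constructed$hash:13000:0::7:::
daemon:*:13000:0:99999:7:::
EOF
    max=$(login_defs_value "$tmp/login.defs" PASS_MAX_DAYS)
    echo "policy PASS_MAX_DAYS=$max"
    accounts_over_limit "$tmp/shadow" "$max"   # lists root and bob
    rm -rf "$tmp"
}

demo
```

On a real system, point the two functions at /etc/login.defs and /etc/shadow (reading the latter needs root); `chage -M <days> <user>` then brings a listed account in line with the policy.
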
Wow, that was fun. For me, at least. Now, all I need is a job that lets me actually use those Linux skills that are rusting like a horse-drawn plow in the Winter snow….
