Rogierm's Blog » Linux http://rogierm.redbee.nl/blog Just another blog with technical stuff Mon, 28 Jun 2010 21:04:31 +0000 en hourly 1 http://wordpress.org/?v=3.0 disable password aging http://rogierm.redbee.nl/blog/2009/08/04/disable-password-aging/ http://rogierm.redbee.nl/blog/2009/08/04/disable-password-aging/#comments Tue, 04 Aug 2009 21:26:01 +0000 admin http://rogierm.redbee.nl/blog/?p=45 In general it is a good idea to configure password aging as part of your password/security policy. In some cases however, this might cause unexpected problems. I’ve seen cases where an expired password prevented a machine from booting. In this specific case this was caused by a service that ran as the user with the expired password. In general you should not run services as a normal user account, but sometimes you just have to deal with things you can’t change. Generally the documentation states that to disable password aging you have to edit the /etc/shadow file, and remove the part where the password age is stored. This is quite error prone. If you do it this way, be sure to use vipw to prevent errors in this critical file. To disable password aging I recommend just using the command to enable it as well:

# chage -m 0 -M 99999 -E -1 username

Check the before and after:

# chage -l username
Minimum: 7
Maximum: 90
Warning: 7
Inactive: -1
Last Change: Jun 26, 2009
Password Expires: Sep 24, 2009
Password Inactive: Never
Account Expires: Never

After disabling password aging:

# chage -l username
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Jun 26, 2009
Password Expires: Never
Password Inactive: Never
Account Expires: Never

As a note, please only disable password aging when there is no other way to fix the problem.

]]> http://rogierm.redbee.nl/blog/2009/08/04/disable-password-aging/feed/ 0