Default password expiry

  1. The default password expiry policy on Linux is set in /etc/login.defs.
    [root@kvm8 ~]# grep ^PASS_ -B7 /etc/login.defs
    # Password aging controls:
    #
    # Number of days after which the password must be changed; 99999 means the password never needs to be reset.
    #	PASS_MAX_DAYS	Maximum number of days a password may be used.
    # Number of days during which the password cannot be changed; 0 means it can be changed at any time.
    #	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
    # Minimum password length; 5 means the password cannot be shorter than 5 characters.
    #	PASS_MIN_LEN	Minimum acceptable password length.
    # Warning before the password must be changed; 7 means the system warns the account during the last 7 days.
    #	PASS_WARN_AGE	Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS	99999
    PASS_MIN_DAYS	0
    PASS_MIN_LEN	5
    PASS_WARN_AGE	7
    
  2. Add the account deyu11.
    [root@kvm8 ~]# useradd deyu11
    
  3. The chage command queries and changes an account's password expiry status.
    [root@kvm8 ~]# chage --help
    Usage: chage [options] LOGIN
    
    Options:
      -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
      -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
      -h, --help                    display this help message and exit
      -I, --inactive INACTIVE       set password inactive after expiration
                                    to INACTIVE
      -l, --list                    show account aging information
      -m, --mindays MIN_DAYS        set minimum number of days before password
                                    change to MIN_DAYS
      -M, --maxdays MAX_DAYS        set maximum number of days before password
                                    change to MAX_DAYS
      -R, --root CHROOT_DIR         directory to chroot into
      -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
    
  4. Query the password expiry status of account deyu11; it matches the default policy.
    [root@kvm8 ~]# chage -l deyu11
    Last password change					: Dec 17, 2021
    Password expires					: never
    Password inactive					: never
    Account expires						: never
    Minimum number of days between password change		: 0
    Maximum number of days between password change		: 99999
    Number of days of warning before password expires	: 7
    
  5. Query the field values for account deyu11 in /etc/shadow; they match the chage output.
    [root@kvm8 ~]# getent shadow deyu11
    deyu11:!!:18978:0:99999:7:::
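
The mapping between the /etc/shadow fields in step 5 and the chage -l output in step 4, as an added example that is not part of the original page. The function names days_to_date and shadow_aging are hypothetical, the sample entries are constructed from the page's deyu11 line, and treating an empty or 99999 maximum as "never" is a simplification made for this example.

```shell
#!/bin/sh
# Added example: decode the aging fields of one /etc/shadow entry.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Days since 1970-01-01 -> YYYY-MM-DD, integer arithmetic only.
# Assumes a non-negative day count.
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    y=$(( yoe + era * 400 ))
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Print key=value lines for the shadow entry given as $1.
shadow_aging() {
    IFS=: read -r name hash lastchg min max warn inactive expire reserved <<EOF
$1
EOF
    echo "account=$name"
    echo "min_days=${min:-0}"
    echo "warn_days=${warn:-0}"
    if [ -z "$lastchg" ]; then
        # Empty field 3: no recorded change, so no expiry can be computed.
        echo "last_change=never"; echo "password_expires=never"
    elif [ "$lastchg" -eq 0 ]; then
        # Field 3 set to 0: the user must change the password at next login.
        echo "last_change=must_change"; echo "password_expires=must_change"
    else
        echo "last_change=$(days_to_date "$lastchg")"
        # Simplification of this example: empty max or 99999 means "never".
        if [ -z "$max" ] || [ "$max" -ge 99999 ]; then
            echo "password_expires=never"
        else
            echo "password_expires=$(days_to_date $(( lastchg + max )))"
        fi
    fi
}

# Constructed samples: the page's entry, and the same entry with max=90.
shadow_aging 'deyu11:!!:18978:0:99999:7:::'
shadow_aging 'deyu11:!!:18978:0:90:7:::'
```

Field 3 (18978) is a day count since 1970-01-01, which is why chage -l prints Dec 17, 2021 for the same entry.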