Apply password expiry policy


1) If we have to apply password expiry policy on all users ; I think its done in /etc/login.defs by changing parameters like PASS_MAX_DAYS etc.
Does that policy only apply to users created after this change in the /etc/login.defs file ? I assume so.

2)if the change in /etc/login.defs only apply to new users(created after change) , do we have to manually set the policy for existing users individually by "passwd" or chage ? (vipw -s is not reccomended i suppose)



  • post-author-pic
    Michael M

    Hello Babar,

    You are correct, Changing the password policy only affects the users created after the change. To change the existing users you would need to run the ' chage ' command on each user.  While you could do this in a loop in bash there is not a reliable way to ensure that you are only affecting the 'user' accounts and not affecting service accounts. 

  • post-author-pic

    Thanks Michael !

Looking For Team Training?

Learn More