For a while we have been talking in this Blog on security with particular emphasis on how to create secure keys.
As much as we try to generate a good key code it is useless if we always use the same until the “end of days.”
In this article we will focus on the how to configure Linux for that he system force us every certain weather and, in a comfortable way, to change the key code of our user.
Configure password change
The magic is performed by the command chage to which only the user should have access root (Another thing is that you want to see the information related to the change of password of a certain user)
To be able to configure when and who should change their passwords periodically, it will be enough to throw from the terminal
sudo chage USERNAME
- USERNAME is the identifier of the Linux user whose password change you want to configure (in the example in the figure it is jasvazquez)
The system will ask a series of values, if you don’t want to complicate your life (and the value offered will serve you) just press Enter so that the one between the brackets is used
To simplify its use you I will comment on the most interesting parameters to be entered
- Minimum password duration. The time that must pass before you can change the password
- Maximum password life. The longest time a user can have a password before being forced to change it
- Notice of expiration of the account. The maximum number of days that the system will allow us to avoid having to change the password once the term that we established with the previous parameter expires-
- Password inactive. Number of days that, after a key expires, the system will let the system pass without us connecting. If we do not do it, the account will be blocked (it will not be able to be logged in) and it must be root who must unlock it so that it can enter (if you change the password, it is not released by those)
- Date of Expiry. Maximum account life limit. From that date the user will not be able to access his account. Very useful if you want to temporarily create a user for someone
A good way to change the keys every so often without having to bother to even remember to do so.
I wish GMail included the same functionality because how many of you change it with some regularity? 😉