Differences

This shows you the differences between two versions of the page.

--- linux:redhat_user [2023/08/21 09:37]
manu
+++ linux:redhat_user [2025/06/06 17:13] (current)
manu
@@ Line 49: / Line 49: @@
 shs                   68        0        0      12:35 Sandra H-S
 </cli>
+<cli prompt='>'>
+[root@linux1] /root > passwd -S glpiagent
+glpiagent PS 2024-02-13 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 List all groups, local and LDAP
@@ Line 99: / Line 105: @@
 user01@test.lu:*:1234423298:1234400513:My test user:/home/user01@test.lu:/usr/bin/bash
 </cli>
+List users in an AD group
+<cli prompt='>'>
+[user1@linux1] /home/user1 > getent group grpadmin@test.lu
+grpadmin@ad.lu:*:1234423233:user01@test.lu,user02@test.lu,user03@test.lu,
+</cli>
 === Create user and group ===
@@ Line 118: / Line 131: @@
 <cli prompt='#'>
 [root@linux01 ~]# chage -M 90 myadmin
 [root@linux01 ~]# chage -l myadmin
-Last password change                                    : Jul 22, 2019
+Last password change                                    : May 23, 2025
-Password expires                                        : Oct 20, 2019
+Password expires                                        : May 23, 2026
 Password inactive                                       : never
 Account expires                                         : never
-Minimum number of days between password change          : 7
+Minimum number of days between password change          : 0
 Maximum number of days between password change          : 90
-Number of days of warning before password expires       : 7
+Number of days of warning before password expires       : 8
+[root@linux01 ~]# lchage -l myadmin
+Account is not locked.
+Minimum:        0
+Maximum:        90
+Warning:        8
+Inactive:       Never
+Last Change:    05/23/2025
+Password Expires:       05/23/2026
+Password Inactive:      Never
+Account Expires:        Never
 </cli>
@@ Line 151: / Line 176: @@
   passwd -u USER
   usermod -U USER
+Verify the status of a user with passwd command
+  P or PS: password is set (user is unlocked)
+  L or LK: User is locked
+  N or NP: No password is needed by the user
+<cli prompt='#'>
+[root@temp-rh8 ~]# passwd -S agent
+agent PS 2023-10-16 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 Change PAM config for pawword-history
@@ Line 262: / Line 296: @@
 ENCRYPT_METHOD SHA512
 </cli>
+==== User locked ====
+Check locked users
+<cli prompt='#'>
+[root@Linux ~]# passwd -S user1
+user1 LK 2023-01-07 0 99999 7 -1 (Password locked.)
+</cli>
+To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/etc/security/faillock.conf** file:
+<cli prompt='#'>
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+ deny = 3
+</cli>
+<cli prompt='#'>
+# faillock --user baeldung
+baeldung:
+When                Type  Source                                           Valid
+-06-21 18:32:16 RHOST 192.168.0.22                                         V
+-06-21 18:32:29 RHOST 192.168.0.22                                         V
+-06-21 18:32:41 RHOST 192.168.0.22                                         V
+</cli>
+Unlock a user:
+<cli prompt='#'>
+# faillock --user baeldung  --reset
+</cli>
+Or
+<cli prompt='#'>
+# rm /var/run/faillock/baeldung
+</cli>
 http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils

wiki

User Tools

Site Tools

Differences

Page Tools