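--- a/linux:redhat_user	[2024/02/14 14:38] manu
+++ b/linux:redhat_user	[2025/07/09 15:46] (current) manu
@@ -131,11 +131,23 @@
 <cli prompt='#'>
 [root@linux01 ~]# chage -M 90 myadmin
+
 [root@linux01 ~]# chage -l myadmin
-Last password change : Jul 22, 2019
+Last password change : May 23, 2025
-Password expires : Oct 20, 2019
+Password expires : May 23, 2026
 Password inactive : never
 Account expires : never
-Minimum number of days between password change : 7
+Minimum number of days between password change : 0
 Maximum number of days between password change : 90
-Number of days of warning before password expires : 7
+Number of days of warning before password expires : 8
+
+[root@linux01 ~]# lchage -l myadmin
+Account is not locked.
+Minimum: 0
+Maximum: 90
+Warning: 8
+Inactive: Never
+Last Change: 05/23/2025
+Password Expires: 05/23/2026
+Password Inactive: Never
+Account Expires: Never
 </cli>
@@ -190,2 +202,8 @@
 ==== Defaults User parameters ====
+
+Files for password management
+On Redhat 9 the file /etc/libuser.conf is used
+/etc/security/pwquality.conf
+/etc/security/pwhistory.conf
+
 === Password Algorithm ===
@@ -208,3 +226,5 @@
 getsebool: SELinux is disabled
 </cli>
+
+On Redhat 9 the file **/etc/libuser.conf** is used
 Content of login.defs file:
@@ -284,3 +304,39 @@
 ENCRYPT_METHOD SHA512
 </cli>
+
+==== User locked ====
+
+Check locked users
+<cli prompt='#'>
+[root@Linux ~]# passwd -S user1
+user1 LK 2023-01-07 0 99999 7 -1 (Password locked.)
+</cli>
+
+To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/etc/security/faillock.conf** file:
+<cli prompt='#'>
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+deny = 3
+</cli>
+
+<cli prompt='#'>
+# faillock --user baeldung
+baeldung:
+When Type Source Valid
+2022-06-21 18:32:16 RHOST 192.168.0.22 V
+2022-06-21 18:32:29 RHOST 192.168.0.22 V
+2022-06-21 18:32:41 RHOST 192.168.0.22 V
+</cli>
+
+Unlock a user:
+<cli prompt='#'>
+# faillock --user baeldung --reset
+</cli>
+
+Or
+<cli prompt='#'>
+# rm /var/run/faillock/baeldung
+</cli>
+
 http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils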
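Review bot: `passwd -S user1` in the new "User locked" section only reports a password lock recorded in the shadow file (the `LK` field, set by `passwd -l` or `usermod -L`); an account locked out by pam_faillock after `deny` failed attempts does not show up there. The section should say that these are two separate mechanisms and that `faillock --user NAME` is the check for the second one. I would also drop the `rm /var/run/faillock/baeldung` alternative, or mark it as a last resort, and keep `faillock --user baeldung --reset` as the documented way to clear the tally. It is worth adding one sentence that the `deny` value in `/etc/security/faillock.conf` only takes effect when pam_faillock is enabled in the PAM stack (on RHEL through the authselect `with-faillock` feature), since the page currently reads as if the file alone decides the lockout.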