Differences

This shows you the differences between two versions of the page.

--- linux:redhat_user [2023/08/09 16:31]
manu
+++ linux:redhat_user [2025/07/09 15:46] (current)
manu
@@ Line 49: / Line 49: @@
 shs                   68        0        0      12:35 Sandra H-S
 </cli>
+<cli prompt='>'>
+[root@linux1] /root > passwd -S glpiagent
+glpiagent PS 2024-02-13 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 List all groups, local and LDAP
@@ Line 99: / Line 105: @@
 user01@test.lu:*:1234423298:1234400513:My test user:/home/user01@test.lu:/usr/bin/bash
 </cli>
+List users in an AD group
+<cli prompt='>'>
+[user1@linux1] /home/user1 > getent group grpadmin@test.lu
+grpadmin@ad.lu:*:1234423233:user01@test.lu,user02@test.lu,user03@test.lu,
+</cli>
 === Create user and group ===
@@ Line 115: / Line 128: @@
   usermod -L [LOGIN]
-The chage utility.
+The **chage** utility.
+<cli prompt='#'>
+[root@linux01 ~]# chage -M 90 myadmin
+[root@linux01 ~]# chage -l myadmin
+Last password change                                    : May 23, 2025
+Password expires                                        : May 23, 2026
+Password inactive                                       : never
+Account expires                                         : never
+Minimum number of days between password change          : 0
+Maximum number of days between password change          : 90
+Number of days of warning before password expires       : 8
+[root@linux01 ~]# lchage -l myadmin
+Account is not locked.
+Minimum:        0
+Maximum:        90
+Warning:        8
+Inactive:       Never
+Last Change:    05/23/2025
+Password Expires:       05/23/2026
+Password Inactive:      Never
+Account Expires:        Never
+</cli>
 Usage: chage [options] [LOGIN]
@@ Line 140: / Line 176: @@
   passwd -u USER
   usermod -U USER
+Verify the status of a user with passwd command
+  P or PS: password is set (user is unlocked)
+  L or LK: User is locked
+  N or NP: No password is needed by the user
+<cli prompt='#'>
+[root@temp-rh8 ~]# passwd -S agent
+agent PS 2023-10-16 0 99999 7 -1 (Password set, SHA512 crypt.)
+</cli>
 Change PAM config for pawword-history
@@ Line 157: / Line 202: @@
 ==== Defaults User parameters ====
+Files for password management
+  On Redhat 9 the file /etc/libuser.conf is used
+  /etc/security/pwquality.conf
+  /etc/security/pwhistory.conf
 === Password Algorithm ===
@@ Line 175: / Line 226: @@
 getsebool:  SELinux is disabled
 </cli>
+On Redhat 9 the file **/etc/libuser.conf** is used
 Content of login.defs file:
@@ Line 251: / Line 304: @@
 ENCRYPT_METHOD SHA512
 </cli>
+==== User locked ====
+Check locked users
+<cli prompt='#'>
+[root@Linux ~]# passwd -S user1
+user1 LK 2023-01-07 0 99999 7 -1 (Password locked.)
+</cli>
+To check if a system is configured to allow more or less than the usual three failed logins, we can check the value of deny in the **/etc/security/faillock.conf** file:
+<cli prompt='#'>
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+ deny = 3
+</cli>
+<cli prompt='#'>
+# faillock --user baeldung
+baeldung:
+When                Type  Source                                           Valid
+-06-21 18:32:16 RHOST 192.168.0.22                                         V
+-06-21 18:32:29 RHOST 192.168.0.22                                         V
+-06-21 18:32:41 RHOST 192.168.0.22                                         V
+</cli>
+Unlock a user:
+<cli prompt='#'>
+# faillock --user baeldung  --reset
+</cli>
+Or
+<cli prompt='#'>
+# rm /var/run/faillock/baeldung
+</cli>
 http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils

wiki

User Tools

Site Tools

Differences

Page Tools