0

I have a server where MAXWEEKS is set to 13 in etc/default/passwd. I know that this setting means that the password will expire after 13 weeks. My question is: if the user does NOT change the password, does the account become locked out after this, or does the system force the user to change the password when the user logs on? What setting can be set to automatically revoke access after a certain number of weeks of inactivity?

  • 3
    Thirteen week password expiration? **Passwords shouldn't expire.** Is the unthinking person who mandated that trying to force everyone to write down their passwords so they don't forget them? Or use predictable patterns in passwords, again so they don't forget them? https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html is highly relevant. As is https://www.npr.org/sections/alltechconsidered/2017/08/14/543434808/forget-tough-passwords-new-guidelines-make-it-simple NIST document: https://pages.nist.gov/800-63-3/sp800-63b.html – Andrew Henle Nov 07 '18 at 11:23
  • Related: https://docs.oracle.com/cd/E19455-01/806-1387/a08paswd-18101/index.html and https://docs.oracle.com/cd/E19455-01/806-1387/a08paswd-1/index.html – Kusalananda Nov 07 '18 at 11:50

1 Answer

2

The MAXWEEKS only sets the amount of time a certain password may be used before the user is forced to change it. The user will get a prompt with a request to change the password before the user can log in further to the system.

Locking of an account after a period of inactivity requires a more advanced authorization management tool. NIS+ might be something on Solaris that can do this for you.

Dirk Krijgsman
  • NIS+ was EOL'ed and isn't included in current versions of Solaris any longer. LDAP is the recommended replacement. – alanc Nov 08 '18 at 18:16
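
An added example (not part of the answer above or of Solaris itself): a Python sketch that applies the MAXWEEKS default to shadow-format entries and reports which accounts would hit the forced password change at their next login. It assumes the standard shadow field order (name:hash:lastchg:min:max:warn:inactive:expire:flag), that an empty max field falls back to MAXWEEKS, and that a negative max means aging is off; the sample entries are constructed.

```python
from datetime import date

EPOCH = date(1970, 1, 1)  # shadow lastchg is counted in days since this date

def parse_defaults(text):
    """Parse KEY=VALUE lines of a defaults file, skipping comments and blanks."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def max_days_default(defaults):
    """MAXWEEKS is expressed in weeks; unset or empty means no default aging."""
    weeks = defaults.get("MAXWEEKS", "")
    return int(weeks) * 7 if weeks.isdigit() and int(weeks) > 0 else None

def password_status(shadow_line, default_max, today):
    """Return (user, status, days_left) for one shadow-format line."""
    f = shadow_line.strip().split(":")
    f += [""] * (9 - len(f))             # tolerate short lines
    user, lastchg, maxd = f[0], f[2], f[4]
    if lastchg == "0":                   # 0 marks a change required at next login
        return user, "change-forced", None
    if not lastchg.isdigit():            # no change date recorded: nothing to age
        return user, "no-aging-data", None
    # Assumption: a per-user max overrides the MAXWEEKS default; negative = off.
    limit = int(maxd) if maxd.lstrip("-").isdigit() else default_max
    if limit is None or limit < 0:
        return user, "never-expires", None
    left = limit - ((today - EPOCH).days - int(lastchg))
    return user, ("expired" if left < 0 else "ok"), left

if __name__ == "__main__":
    defaults = parse_defaults("# constructed sample\nMAXWEEKS=13\nMINWEEKS=\n")
    sample_shadow = [                    # constructed entries, not real accounts
        "alice:x:17800::::::",
        "bob:x:17700::::::",
        "carol:x:17700::365::::",
        "dave:x:0::::::",
    ]
    for entry in sample_shadow:
        print(password_status(entry, max_days_default(defaults), date(2018, 11, 7)))
```

An "expired" result here corresponds to the forced-change prompt the answer describes, not to a locked account.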