34
Chapter 4. Workstation Security
Warning
Always get authorization in writing before attempting to crack passwords within an organization.
4.3.2.2. Password Aging
Password aging is another technique used by system administrators to defend against bad passwords
within an organization. Password aging means that after a set amount of time, usually 90 days, the
user will be prompted to come up with a new password. The theory behind this is that if a user is
forced to change his password periodically, a cracked password is only useful to an intruder for a
limited amount of time. The downside to password aging, however, is that users are more likely to
write their passwords down.
Their are two primary ways to enforce password aging under Red Hat Linux. you can use the com
mand
chage
or the graphical application User Manager.
The
M
option of the
chage
command specifies the maximum number of days the password is valid.
So, for instance, if you want a user's password to expire in 90 days, type the following command:
chage M 90 username
In the above command, replace username with the name of the user. If you do not want the password
to expire, it is traditional to use a value of 99999 after the
M
option (this equates to a little over 273
years).
If want to use the graphical User Manager application to create password aging policies, go to the
Main Menu Button (on the Panel) => System Settings => Users & Groups or type the command
redhat config users
at a shell prompt (for example, in an XTerm or a GNOME terminal). Click
on the Users tab, select the user from the user list, and click Properties from the button menu (or
choose File => Properties from the pull down menu).
Then click the Password Info tab and enter the number of days before the password expires, as shown
in Figure 4 1.
Figure 4 1. User Password Info Pane
For more information on using the User Manager to do this, see the chapter titled User and Group
Configuration in the Official Red Hat Linux Customization Guide.
footer
Our partners:
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Jsp Hosting
Cheap Hosting
Visionwebhosting.net Business web hosting division of Web
Design Plus. All rights reserved