Linux Crash Course - User Account & Password Expiration

Any chance for a video on how login.conf ; passwd.auth ; system.auth ; pwquality all fit together?

Any chance for a video on how login.conf ; passwd.auth ; system.auth ; pwquality all fit together?

RHEL have added places where one can hardel passwords...
login.conf; sustem.auth; passwd.auth; pwquality.conf
Why so many? Are they all needed? Can one point to pwquality inside passwd.auth and only use that? doesn't pwquality make the others redundant?

# user chage -l Learn_Linux

I like that you're too polite to suggest that someone who wants to list password information for a user might accidentally type "sudo passwd -l" instead of "sudo chage -l" and lock the account of the user without realizing it. As someone who would of course never make that kind of mistake I'm glad you included it in the video. 😉

Great work Thank you

Could be extended with other useful operations like setting password complexity or preventing users from reusing old passwords etc.

Thank you so much

Thanks for these videos!!!!!

Very well presented, thank you.

有用，学习了

Informative

This video is really useful to me, thank you Jay.

Do a videoa bout Ldap and about a linux network environment, like access shared folders.

Needing password expirations on Linux? That's a world I don't live in.

The security community has because of bad experiences come to the conclusion that both time based password expiry and minimum password lifetimes are contraproductive™.
Both result in users having insecure passwords. Just keep the hashes (salted and peppered of cause) of ALL previous passwords.

AWESOME

Setting expiration date for Neo, Trinity and Morpheus? Now we finally know who is behind Matrix, Jay...or rather Mr. Smith?!

Password expiration horrible. It is the single greatest threat to a network. Tim didn't reset his password, he calls in to get it reset, its so common that verification standards have to be lowered. Tim gets his password reset but...... its a trick, Tim is really some guy in Nigeria who now has access to your network.

Locking out an account after to many password attempts is also a great way to get your network compromised. Time outs are fine, but its better to just reduce access or to contact HR when there too many password attempt. Let HR contact the employee and or supervisor to resolve the issue.

Jay, As a SysAdmin for 30+ years I've found some users would keep locking out their account and calling 1st line support (avoiding me) just so they could weasel their way back into setting their 10 year old "Super strong" password back using tears, threats, chocolate bars, favours etc. I would routinely run Johntheripper against the passwords to check for myself for weak ones.

Super useful; I didn't know passwd can do things other to than change passwords, cool Jay.
Can we dwell more on shadow files please? Override set password & things like that, idk.
Thanks Jay once again.

2021-10-01 : Jay said after October 1st, is it not on after midnight end of September ?

Please upload to Odysee!