Linux is known for one of most secure Unix Operating System (OS) in world. But that is not mean it is 100% secure there is say in Information Technology (IT) no technology is a completely secure that is why from a System Administrator to CIO they take measure for securing IT infrastructure on regular basis by applying Personal Security, Hardware Security and Software Security.

1. Change User Password Centos

Toshiba e studio 2830c service manual. Dec 03, 2018  Learn to manage users inside CentOS Web Panel with this easy-to-follow guide on your Hostwinds VPS or Dedicated server. Have the email address or password modified, or other similar user management tasks. This guide will help show you how to manage users inside CentOS Web Panel. You can jump to a page that allows for manually editing.

In this tutorial we won’t discuss on these topics as these are beyond the scope of this topic. So let’s come on topic Linux Operating system security, weak password policy is one of main flaw for Linux based system as weak password can easily be cracked and causes breach of security. Attacker can crack the weak password easily and could exploit your Linux based systems which could be hosting your company critical database or e-commerce web service.

1. The best way to edit /etc/passwd, or shadow or group file is to use vipw command. Traditionally (under UNIX and Linux) if you use vi to edit /etc/passwd file and same time a user try to change a password while root editing file, then the user’s change will not entered into file. To avoid this Continue reading 'What is the best way to edit /etc/passwd, shadow, and group files?'
2. Dec 19, 2015  If you are using CentOS 7 and Gnome, you can change the password with xwindoes Applications- System Tools - Settings - Users.
3. Manually Add User Linux Command Line Centos 5 Since Linux is a multi-user operating system (in that it allows multiple users on different computers or To add a new user account, you can run either of the following two commands as.
4. Changing User Passwords. To change a password on behalf of a user, first sign on or 'su' to the 'root' account. Then type, ``passwd user' (where user is the username for the password you are changing). The system will prompt you to enter a password. Passwords do not echo to the screen when you enter them.

In this tutorial I will describe how to set password policy like password length, password complexity, password expiration period, deny past used passwords. etc. for CentOS / RHEL based system.

Note: For this tutorial I am using CentOS 6 and CentOS 7 virtual machines on KVM. Password policy configuration done on CentOS 6 and CentOS 7 machine will be same for RHEL 6 and RHEL 7 as well. Also I suggest before configuring files or executing any password policy configuration commands take backup of configuration files.

Password Policy Configuration in CentOS and RHEL machines

As mentioned above in this tutorial password policy configurations will contain below topics:

1. Password Length
2. Password Complexity
3. Password expiration
4. Deny past used passwords.

1. Password length configuration

CentOS 6 / RHEL 6

In CentOS 6 or RHEL 6 from root or sudo privileged edit the files /etc/pam.d/system-auth and /etc/pam.d/password-auth through your desire text editor.

Locate the below line in both files and add the parameter minlen=8 at the end of the line.

Below configuration example is from my CentOS 6 machine.

CentOS 7/ RHEL 7

In CentOS 7 and RHEL 7 execute below command for setting up password length:

To verify configured password length after above command execution use below command:

Below sample output is from my CentOS 7 machine.

2. Password Complexity

Password complexity policy allow user to set complex password this policy allow user to use password which contain upper-case character, lower-case character and special or symbol character. In below steps I will configure one upper-case, lower-case, and a special character in the password. You can set any number of maximum allowed upper-case, lower-case, and other letters in your password. So let’s start.

CentOS 6 / RHEL 6

Locate the below line in these files /etc/pam.d/system-auth and /etc/pam.d/password-auth and edit the parameters dcredit=-1 (one digit) ucredit=-1 (one upper-case character) lcredit=-1 (one lower-case character) ocredit=-1 ( one other or sysmbol character):

Below sample output of these files /etc/pam.d/system-auth and /etc/pam.d/password-auth from my CentOS 6 machine:

CentOS 7 / RHEL 7

In CentOS7 or RHEL 7 we will use same authconfig command to configure complex password.

To set at least one lower-case character for password:

To set at least one upper-case character for password:

To set at least one digit for password:

To set at least one other or symbol character for password:

To verify password complexity setting after running above command, use below command:

Below sample output from my CentOS 7 machine:

3. Password expiration

Password expiration policy prompt user to change his/her password before certain days of expiration to enforce this policy CentOS 6 / RHEL 6 and CentOS 7 / RHEL 7 has a file /etc/login.defs. This file contain below parameters which allow System Administrator to set policy:

• PASS_MAX_DAYS: Maximum number of days a password may be used.
• PASS_MIN_DAYS: Minimum number of days allowed between password changes.
• PASS_WARN_AGE: Number of days warning given before a password expires.

To enforce this password in these CentOS 6 / RHEL 6 and CentOS 7 / RHEL 7 machines locate the below parameters in /etc/login.defs file and provide number of days as per your requirement:

Below is sample output from my CentOS 6 and CentOS 7 machine:

Note: This above password expiration policy only applicable to newly created users whereas above password expiration policy won’t be applicable to existing user(s) thus you need to set this policy manually to existing user(s) from chage command you can set policy manually:

• To set Maximum password days: chage -M <no. of days> <username>
• To set Minimum password days: chage -m <no. of days> <username>
• To set number of warning days before password expire: chage -W <no. of days> <username>
Sample output:

If you have more then one existing users you can use add those users in text file and with help of for loop command you can set the policy manually below is sample from my machine:

4. Deny past used passwords

Deny past used passwords policy disallow users to set their password which were used in past. This make password more complicated by making it non guessable for attacker. In both CentOS 6 / RHEL 6 and CentOS 7 / RHEL 7 configuration is same. In both OSes you need to configure these files /etc/pam.d/system-auth and /etc/pam.d/password-auth locate and make below entry:

Sample output:

Change User Password Centos

2,124 total views, 16 views today