# Password Expiration?



## folivora (Apr 26, 2011)

Hi,

I've issues with password expiration.

I've edited /etc/login.conf by adding following lines:


```
:minpasswordlen=8:\
:mixpasswordcase=true:\
:passwordtime=90d:\
```
After editing /etc/login.conf I issued [CMD=]"cap_mkdb /etc/login.conf"[/CMD].

I created test user, after creating test user I did check /etc/master.passwd and the 6th column is still 0. 

I wonder what I've done wrong?

Best Regards

Folivora


----------



## SirDice (Apr 26, 2011)

Use pw(8) like so
`# pw usermod -p 90d test_user`


----------



## folivora (Apr 28, 2011)

Hey.

I used *pw* to change the expiration day of existing users in the system. So do you mean that every time when I create new user, I should use *pw* to determine passwords expiration day?

Then second question is, let's say that I use the [CMD=]pw usermod -d 90 test_user[/CMD] command. Does test_user's password expire every 90 days? Or is it needed to determine new 90 days after first 90 days?


Best Regards

Folivora


----------



## SirDice (Apr 28, 2011)

I had to look this up, I never use it :e

Anyway, the -p 90 will set the password to expire in 90 days. You don't need to set it everytime. 

As for login.conf, both minpasswordlen and mixpasswordcase don't do anything. The passwordtime however should work. You won't see the 90 days in the fields of master.passwd as they are set on the class, not a specific user.


----------



## lme@ (Apr 28, 2011)

If you also want to enforce password complexity, take a look at pam_passwdqc(8).


----------



## anomie (Apr 28, 2011)

folivora said:
			
		

> I used pw to change the expiration day of existing users in the system. So do you mean that every time when I create new user, I should use pw to determine passwords expiration day?]



I _think_ your user class / passwordtime changes will be in effect for any new users you create (in said user class) going forward. This would be easy to confirm by testing. 

For existing users, you'll simply apply the change manually via pw(8).


----------

