Adjusting password policies
Tip
A hashing algorithm is made so that it generates a precise string of characters, or a hash, from a provided piece of data (that is, a file or a word). It does it in a way that it will always generate the same hash from the same original data, but the original data is almost impossible to recreate from the hash. That's why hashes are used to store passwords or to verify the integrity of a downloaded file.
Let's take a look at one example by running grep user /etc/shadow as root:
user:$6$tOT/cvZ4PWRcl8XX$0v3.ADE/ibzlUGbDLer0ZYaMPNRJ5gK17LeKnoMfKK9.nFz8grN3IafmHvoHPuh3XrU81nJu0.is5znztB64Y/:18650:0:99999:7:3:19113:
As with the password file, the data stored in /etc/shadow has one entry per line and the fields are separated by colons (:):
• user: The account name. It should be the same one as in /etc/passwd.
• $6$tOT/cvZ4PWRcl8XX$0v3.ADE/ibzlUGbDLer0ZYaMPNRJ5gK17LeKnoMfKK9.nFz8grN3IafmHvoHPuh3XrU81nJu0.is5znztB64Y/: The password hash. It contains three parts separated by $:
  • $6: The algorithm used to hash the password. In this case, the value 6 indicates that it is SHA-512. The number 1 is for the old, now insecure, MD5 algorithm.
  • $tOT/cvZ4PWRcl8XX: The password salt. This token is used to strengthen the password hash.
  • $0v3.ADE/ibzlUGbDLer0ZYaMPNRJ5gK17LeKnoMfKK9.nFz8grN3IafmHvoHPuh3XrU81nJu0.is5znztB64Y/: The encrypted password hash. This token is created from the password using the salt and the SHA-512 algorithm. When the user authenticates, the process is run again and, if the same hash is generated, the password is validated and access is granted.
• 18650: The time and date when the password was last changed. The format is the number of days since 1970-01-01 00:00 UTC (this date is also known as the epoch).
• 0: The minimum number of days until the user can change the password again.
• 99999: The maximum number of days until the user has to change the password again. If empty, it won't expire.
• 7: The number of days the user will be warned that the password is about to expire.
• 3: The number of days the user can still log in even when the password has expired.
• 19113: The date on which the password should expire. If empty, it won't expire on a specific date.
• : The last colon is left to allow us to add new fields easily.
Tip
To convert the date field to a human-readable date, you can run the following command:
date -d '1970-01-01 UTC + 18650 days'
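To put the field layout and the epoch-days conversion above to work, here is an added example (my code, not from the book): it parses shadow entries, decodes the $id$ prefix, converts the day counters to dates, and derives the password state from the max/warn/inactive/expire fields. The sample input is constructed: the entry quoted above plus a made-up "legacy" account with a placeholder MD5-style hash.

```python
import datetime

# crypt(3) hash ids: the text covers $6$ (SHA-512) and $1$ (MD5, insecure); $5$ is SHA-256.
ALGORITHMS = {"1": "MD5 (insecure)", "5": "SHA-256", "6": "SHA-512"}
EPOCH = datetime.date(1970, 1, 1)
# Constructed sample: the entry quoted above plus a made-up legacy account with a fake $1$ hash.
SAMPLE_SHADOW = """\
user:$6$tOT/cvZ4PWRcl8XX$0v3.ADE/ibzlUGbDLer0ZYaMPNRJ5gK17LeKnoMfKK9.nFz8grN3IafmHvoHPuh3XrU81nJu0.is5znztB64Y/:18650:0:99999:7:3:19113:
legacy:$1$fakesalt$fakehashvalue:18650:0:90:7:3::
"""

def parse_shadow_line(line: str) -> dict:
    """Split one /etc/shadow line into its nine colon-separated fields (the last is reserved)."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields, got %d" % len(f))
    opt = lambda s: int(s) if s else None  # an empty numeric field means "not set"
    return {"user": f[0], "hash": f[1], "last_change": int(f[2]), "min_days": int(f[3]),
            "max_days": opt(f[4]), "warn_days": int(f[5]), "inactive_days": opt(f[6]),
            "expire_day": opt(f[7])}

def days_to_date(days: int) -> datetime.date:
    return EPOCH + datetime.timedelta(days=days)  # same arithmetic as the date -d tip above

def hash_algorithm(hash_field: str) -> str:
    """Decode the $id$ prefix; a leading '!' or '*' means no usable password (locked)."""
    if not hash_field or hash_field[0] in "!*":
        return "locked or no password"
    parts = hash_field.split("$")  # ['', id, salt, hash]
    return ALGORITHMS.get(parts[1], "unknown id " + parts[1]) if len(parts) == 4 else "unrecognised format"

def password_status(e: dict, today_days: int) -> str:
    """Combine the max/warn/inactive/expire fields as the field list above describes them."""
    if e["expire_day"] is not None and today_days >= e["expire_day"]:
        return "account expired"
    if e["max_days"] is None:
        return "valid (never expires)"
    expires_on = e["last_change"] + e["max_days"]
    if today_days >= expires_on:
        if e["inactive_days"] is not None and today_days >= expires_on + e["inactive_days"]:
            return "locked (inactive period elapsed)"
        return "password expired (change required)"
    if today_days >= expires_on - e["warn_days"]:
        return "valid (expiry warning)"
    return "valid"

def audit(text: str, today_days: int) -> list:
    """One (user, algorithm, status) tuple per non-empty shadow line."""
    entries = [parse_shadow_line(l) for l in text.splitlines() if l]
    return [(e["user"], hash_algorithm(e["hash"]), password_status(e, today_days)) for e in entries]
```

Running audit(SAMPLE_SHADOW, 19000) flags the legacy account both for its MD5 hash and for being locked, while the quoted entry is still valid because its 99999-day maximum has not elapsed.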
How do we change the expiration dates for passwords? The tool to do so is chage, for change age. Let's first review the options that can be used, in the same order as they are stored in /etc/shadow:
• -d or --lastday: The time and date when the password was last changed. The format for it is YYYY-MM-DD.
• -m or --mindays: The minimum number of days until the user can change the password again.
• -W or --warndays: The number of days the user will be warned that the password is about to expire.
• -I or --inactive: The number of days, once the password has expired, that will have to pass before the account is locked.
• -E or --expiredate: The date after which the user's account will be locked. The date should be expressed in the YYYY-MM-DD format.
Let’s try it. First, we create the usertest account: