1

After set the Account Expire parameter on /etc/shadow (field #7) to 90 days,I need to know where to look around if an user account is locked down or not after those amount of days.

Right now, the only solid way which I did find to do that is just seeing the message that says the account is expired when the user tries to do ssh against the server.

Any ideas on how to check that from inside the server?

I'm using a Red Hat (Santiago) one.

Improve this question

1 Answer 1

Reset to default
1

Use chage -l to see a decoded interpretation of the aging information. The user name is expected as the argument. If you are interrogating your own account, no special privileges are requried. Otherwise use sudo chage -l someaccount.

When an account is locked, the password field of /etc/shadow will begin with an exclamation point. The remaining characters in the string are the password before the lock was applied.

Improve this answer
1
  • That's what I was expected to see, but -sadly- there's no change over /etc/shadow entry for an account which has more that 90 days of inactivity. chage command says ' never expires ' for an account that should be locked for the same reason (more than 90 days...) Commented Apr 14, 2014 at 16:29

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.