Your company is building an automated provisioning script for new Linux user accounts. The security team mandates that any future account carry a default password lifetime of 90 days and that users receive a warning 7 days before the password expires. Existing accounts will be handled separately. Which single configuration change will meet this requirement?
Append "PASS_MAX_DAYS=90; PASS_WARN_AGE=7" to each line in /etc/shadow.
Run chage -d 0 -M 90 -W 7 for each user account.
Edit /etc/login.defs and set PASS_MAX_DAYS to 90 and PASS_WARN_AGE to 7.
Add "password requisite pam_pwquality.so retry=3 minlen=12" to /etc/pam.d/system-auth.
The defaults that new accounts inherit are read from /etc/login.defs when the account is created. Setting
PASS_MAX_DAYS 90 PASS_WARN_AGE 7
in that file means any account added after the change will automatically have a maximum password age of 90 days and a 7-day warning period. The chage or passwd commands can impose the same limits, but they do so one account at a time and therefore do not affect users created later. Editing /etc/shadow directly is discouraged, affects only the modified lines, and would still need to be repeated for every new account. Changing PAM password-quality lines influences complexity, not expiration or warning intervals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the /etc/login.defs file?
Open an interactive chat with Bash
Why is editing /etc/shadow for password settings not recommended?
Open an interactive chat with Bash
What does the 'chage' command do, and when should it be used?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access