3.1.2.5 maxexpired

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Defines the number of weeks after maxage during which the user can still reset an expired password.

Rationale:

The maxexpired attribute limits the number of weeks after password expiry that a password may be changed by the user.

Solution

In /etc/security/user, set the default user stanza maxexpired attribute to 4:

chsec -f /etc/security/user -s default -a maxexpired=4

This means that a user can reset their password up to 4 weeks after it has expired. After that, an administrative user would need to reset the password.

Default Value:

No limit
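
The following check is an added example, not part of the benchmark or the audit itself. It parses an AIX-style stanza file and reports the default stanza and any per-user stanza that sets maxexpired, since a per-user value overrides the default. The function names and the sample file are constructed, and treating 0 through 4 weeks as compliant is an assumption.

```shell
# Added example: audit maxexpired in an AIX-style stanza file.
# Assumption: any value from 0 to LIMIT weeks counts as compliant.
# audit_maxexpired FILE [LIMIT]: one PASS/FAIL line per stanza that sets
# maxexpired; returns non-zero if any stanza, or a missing default, fails.
audit_maxexpired() {
    awk -v limit="${2:-4}" '
        /^[ \t]*\*/ { next }                    # "*" starts a comment line
        /^[^ \t*][^:]*:[ \t]*$/ {               # stanza header, e.g. "default:"
            stanza = $0; sub(/:[ \t]*$/, "", stanza); next
        }
        /^[ \t]+maxexpired[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (!(stanza in value)) order[++n] = stanza
            value[stanza] = val
        }
        END {
            if (!("default" in value)) { print "FAIL default maxexpired=unset"; bad = 1 }
            for (i = 1; i <= n; i++) {
                s = order[i]; v = value[s]
                # -1 (no limit), non-numeric and over-limit values all fail
                ok = ((v ~ /^[0-9]+$/) && (v + 0 <= limit + 0))
                if (!ok) bad = 1
                st = ok ? "PASS" : "FAIL"
                print st, s, "maxexpired=" v
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
sample_user_file() {
    cat <<'EOF'
* constructed sample
default:
        maxage = 13
        maxexpired = -1
root:
        maxexpired = 4

svcacct:
        maxexpired = 52
EOF
}

tmp=$(mktemp)
sample_user_file > "$tmp"
audit_maxexpired "$tmp" || echo "non-compliant maxexpired settings found"
rm -f "$tmp"
```

On an AIX host the function would be pointed at /etc/security/user; a FAIL on a user stanza means that account is not covered by the default set with chsec above.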

See Also

https://workbench.cisecurity.org/files/3525