chage -l $USER

[root@dm02db04 ~]# chage -l oracle
Last password change                     : Aug 03, 2012
Password expires                    : Oct 30, 2012
Password inactive                    : never
Account expires                          : never
Minimum number of days between password change        : 1
Maximum number of days between password change        : 90
Number of days of warning before password expires     : 7

[root@dm02db04 ~]# chage -I -1 -m 0 -M 99999 -E -1 oracle
Last password change                    : Aug 03, 2012
Password expires                     : never
Password inactive                       : never
Account expires                         : never
Minimum number of days between password change        : 0
Maximum number of days between password change        : 99999
Number of days of warning before password expires    : 7

[root@dm02db04 ~]# chage -l root
Last password change                     : Aug 08, 2012
Password expires                    : Oct 22, 2012
Password inactive                    : never
Account expires                          : never
Minimum number of days between password change        : 1
Maximum number of days between password change        : 90
Number of days of warning before password expires     : 7

[root@dm02db04 ~]# chage -I -1 -m 0 -M 99999 -E -1 root
Last password change                    : Aug 03, 2012
Password expires                     : never
Password inactive                       : never
Account expires                         : never
Minimum number of days between password change        : 0
Maximum number of days between password change        : 99999
Number of days of warning before password expires    : 7

Alterar restrições de tempo de logon (somente via KVM)

Alterar a linha de lock_time=600 para lock_time=10 (ou remover o lock_time).

Quem “coordena” as restrições de login e senha (expiração etc.) é o módulo “pam_tally2”. Para verificar os usuários em “lock” para logon, pode-se executar:

pam_tally2

Para “destravar” um usuário (automaticamente permitir o logon sem aguardar “x” segundos):

pam_tally2 –r –u < nome_user> 

[root@dm02db04 ~]# cat /etc/pam.d/login 
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
auth       required     pam_tally2.so deny=5 onerr=fail lock_time=10
account    required     pam_nologin.so
account    include      system-auth
account    required     pam_tally.so
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    optional     pam_keyinit.so force revoke
session    required     pam_loginuid.so
session    include      system-auth
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open

########### BEGIN DO NOT REMOVE Added by Oracle Exadata ###########
session    required     pam_limits.so
########### END DO NOT REMOVE Added by Oracle Exadata ###########
[root@dm02db04 ~]#

 #%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so