min_password_age

This built-in function ensures that the minimum password age (e.g., the time required before users are permitted to change their passwords) is in the defined range.

Having a minimum password age prevents users from changing passwords too often in an attempt to override the maximum password history. Some users do this to cycle back to their original password, circumventing password change requirements.

Operating System	Implementation
Linux	The variable PASS_MIN_DAYS is defined in `/etc/login.defs`.
Solaris	The variable MINWEEKS in `/etc/default/passwd` defines the maximum number of weeks a password can be used.
HP-UX	This value is controlled by the variable PASSWORD_MINDAYS in `/etc/default/security`.
macOS	This option is not supported.

Usage

<item>

name: "min_password_age"

description: "This check reports agents and users with password history settings that are less than a specified minimum number of passwords."

value: "<min>..<max>"

</item>

Example

<item>

name: "min_password_age"

description: "Make sure a password cannot be changed before 4 days while allowing the user to change at least after 21 days"

value: "4..21"

</item>