TOC & Recently Viewed

Recently Viewed Topics

min_password_age

This built-in function ensures that the minimum password age (e.g., the time required before users are permitted to change their passwords) is in the defined range.

Having a minimum password age prevents users from changing passwords too often in an attempt to override the maximum password history. Some users do this to cycle back to their original password, circumventing password change requirements.

Operating System

Implementation

Linux

The variable PASS_MIN_DAYS is defined in /etc/login.defs.

Solaris

The variable MINWEEKS in /etc/default/passwd defines the maximum number of weeks a password can be used.

HP-UX

This value is controlled by the variable PASSWORD_MINDAYS in /etc/default/security.

Mac OS X

This option is not supported.

Usage

<item>

name: "min_password_age"

description: "This check reports agents and users with password history settings that are less than a specified minimum number of passwords."

except: "user1" | "user2" (list of users to be excluded)

value: "<min>..<max>"

</item>

Example

<item>

name: "min_password_age"

description: "Make sure a password cannot be changed before 4 days while allowing the user to change at least after 21 days"

value: "4..21"

</item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.