'Maximum number of days between password change' for service accounts without a password

Solution Verified - Updated -

Issue

In our environment, we are using so called service accounts (root, lp, bin, adm, halt, shutdown, apache, postfix, sssd,...). These accounts do not have the password set and their password settings look like following:

[root@hostname ~]# chage -l root
Last password change                                    : never
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

[root@hostname ~]# chage -l apache
Last password change                                    : Feb 10, 2020
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : -1
Maximum number of days between password change          : -1
Number of days of warning before password expires       : -1

The value of '99999' and '-1' at 'Maximum number of days between password change' is saying that the password will never expire. Should we be concerned with this setting for accounts that do not have a password set.

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content