etc/login.defs: Remove defaults for password expiration

alejandro-colomar · alejandro-colomar · commit 2eae5ae189ec · 2025-12-15T15:00:51.000+01:00
Expiring passwords has been determined to decrease safety.
Let's default to not expiring passwords.

Signed-off-by: Alejandro Colomar &lt;alx@kernel.org&gt;
diff --git a/etc/login.defs b/etc/login.defs
@@ -209,15 +209,9 @@ UMASK		022
 #
 # Password aging controls:
 #
-#	PASS_MAX_DAYS	Maximum number of days a password may be used.
-#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
 #	PASS_MIN_LEN	Minimum acceptable password length.
-#	PASS_WARN_AGE	Number of days warning given before a password expires.
 #
-PASS_MAX_DAYS	99999
-PASS_MIN_DAYS	0
 PASS_MIN_LEN	5
-PASS_WARN_AGE	7
 
 #
 # If "yes", the user must be listed as a member of the first gid 0 group

Original file line number	Diff line number	Diff line change
`@@ -209,15 +209,9 @@ UMASK 022`
`209`	`209`	`#`
`210`	`210`	`# Password aging controls:`
`211`	`211`	`#`
`212`		`-# PASS_MAX_DAYS Maximum number of days a password may be used.`
`213`		`-# PASS_MIN_DAYS Minimum number of days allowed between password changes.`
`214`	`212`	`# PASS_MIN_LEN Minimum acceptable password length.`
`215`		`-# PASS_WARN_AGE Number of days warning given before a password expires.`
`216`	`213`	`#`
`217`		`-PASS_MAX_DAYS 99999`
`218`		`-PASS_MIN_DAYS 0`
`219`	`214`	`PASS_MIN_LEN 5`
`220`		`-PASS_WARN_AGE 7`
`221`	`215`
`222`	`216`	`#`
`223`	`217`	`# If "yes", the user must be listed as a member of the first gid 0 group`