linux下帐号密码过期

早上看到告警备份失败,检查发现今天并未发起备份任务,查看定时任务时报错

1
2
3
4
[oracle@ ~]$ crontab -l

Authentication token is no longer valid; new one required
You (oracle) are not allowed to access to (crontab) because of pam configuration.

看提示是oracle用户的认证有问题,不允许其调用crontab任务,可能跟pam配置文件的设置有关。

检查secure日志文件,查看具体报错信息

1
2
3
4
5
6
7
vim /var/log/secure

su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
su: pam_unix(su-l:session): session closed for user oracle
su: pam_unix(su-l:session): session closed for user oracle
su: pam_unix(su-l:session): session opened for user oracle by root(uid=0)
crontab: pam_unix(crond:account): expired password for user oracle (password aged)

看样子是因为oracle帐号密码超期了。

在/etc/shadow文件中以加密的方式储存了每个linux用户的账户信息,和一些账户的其他熟悉

1
oracle:$6$w/9VcJHK$h767lV6RlyMu:17974:1:90:7:::

密码的超期信息主要包含6个方面,如/etc/shadow看到的结果,比如90天超期,还剩7天时进行告警等。可以通过修改这个文件来进行属性的变更,但是不建议这样做。而是通过命令的方式来进行配置,命令可以修改密码的超期时间。

列出当前用户的超期信息

1
2
3
4
5
6
7
8
[root@ cron]# chage -l oracle
Last password change                    : Mar 19, 2019
Password expires                    : Jun 23, 2019
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 1
Maximum number of days between password change      : 90
Number of days of warning before password expires   : 7

这里可以禁用掉超期限制

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@ cron]# chage oracle
Changing the aging information for oracle
Enter the new value, or press ENTER for the default

    Minimum Password Age [1]: 0
    Maximum Password Age [90]: 99999
    Last Password Change (YYYY-MM-DD) [2019-03-19]: 
    Password Expiration Warning [7]: 
    Password Inactive [-1]: 
    Account Expiration Date (YYYY-MM-DD) [-1]:

# 重新查看超期信息
[root@ cron]# chage -l oracle
Last password change                    : Mar 19, 2019
Password expires                    : never
Password inactive                   : never
Account expires                     : never
Minimum number of days between password change      : 0
Maximum number of days between password change      : 99999
Number of days of warning before password expires   : 7

# crontab -l查看正常
[oracle@ ~]$ crontab -l
00  17  *  *  2,6  /backup/rman_level0.sh 2>/dev/null
00  17  *  *  1,3,4,5,7  /backup/rman_level1.sh 2>/dev/null
Linux
linux下帐号密码过期
https://www.xbdba.com/2019/07/24/expired-account-in-linux/
作者
xbdba
发布于
2019年7月24日
许可协议