Per-user password expiration parameter
The following parameters defined in /etc/login.defs can
be overridden per-user:
* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
* INACTIVE
Related-Prod: PROD-18386
Change-Id: I5b182128f9dd8a043b48fb86e61febb2fd5c7e0a
diff --git a/README.rst b/README.rst
index 598b638..e9a9e15 100644
--- a/README.rst
+++ b/README.rst
@@ -70,6 +70,30 @@
home: '/home/elizabeth'
password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
+Configure password expiration parameters
+----------------------------------------
+The following login.defs parameters can be overridden per-user:
+
+* PASS_MAX_DAYS
+* PASS_MIN_DAYS
+* PASS_WARN_DAYS
+* INACTIVE
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ...
+ user:
+ jdoe:
+ name: 'jdoe'
+ enabled: true
+ ...
+ maxdays: <PASS_MAX_DAYS>
+ mindays: <PASS_MIN_DAYS>
+ warndays: <PASS_WARN_DAYS>
+ inactdays: <INACTIVE>
+
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
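Review bot: The example block in the new "Configure password expiration parameters" section leaves the value type and the unset behaviour undocumented. The placeholders `<PASS_MAX_DAYS>`, `<PASS_MIN_DAYS>`, `<PASS_WARN_DAYS>` and `<INACTIVE>` do not say that each value is a whole number of days, and the text does not say that a key left out of the pillar is simply not passed to the user state, so the account keeps whatever aging values it already has. One sentence covering both, plus a concrete sample such as `maxdays: 365` (the value used in tests/pillar/system.sls), would make the section usable without reading user.sls.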
diff --git a/linux/system/user.sls b/linux/system/user.sls
index 7a0c98b..89d2cbb 100644
--- a/linux/system/user.sls
+++ b/linux/system/user.sls
@@ -50,6 +50,18 @@
{%- if user.uid is defined and user.uid %}
- uid: {{ user.uid }}
{%- endif %}
+ {%- if user.maxdays is defined %}
+ - maxdays: {{ user.maxdays }}
+ {%- endif %}
+ {%- if user.mindays is defined %}
+ - mindays: {{ user.mindays }}
+ {%- endif %}
+ {%- if user.warndays is defined %}
+ - warndays: {{ user.warndays }}
+ {%- endif %}
+ {%- if user.inactdays is defined %}
+ - inactdays: {{ user.inactdays }}
+ {%- endif %}
- require: {{ requires|yaml }}
system_user_home_{{ user.home }}:
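Review bot: The four new guards test only `is defined`, so a pillar key that is present but null or non-numeric is rendered straight into the state argument (for example `- maxdays: None`). Dropping the truthiness check that the `uid` guard above uses is right here, because 0 is a meaningful value for these fields, but the null case should still be excluded, for instance `{%- if user.maxdays is defined and user.maxdays is not none %}`, and the value could be passed through `|int` so that a malformed entry fails at render time instead of reaching the user state. The same applies to `mindays`, `warndays` and `inactdays`.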
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 2973677..43fc65c 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -128,6 +128,7 @@
enabled: true
home: /root
name: root
+ maxdays: 365
testuser:
enabled: true
name: testuser
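Review bot: Only `maxdays` is set in the test pillar, and only on `root`, so the `mindays`, `warndays` and `inactdays` branches added in linux/system/user.sls are never rendered by the tests. Adding all four keys to `testuser`, including one set to 0, would cover every new branch and confirm that a zero value is still emitted.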