Merge "DOC: Update password rules for v_master"

2025-05-13 18:16:01 +00:00 · 2025-05-13 18:16:01 +00:00 · 8559d7ff29
commit 8559d7ff29
parent 8baf1b6e3c 48fb52f0e7
2 changed files with 19 additions and 15 deletions
--- a/doc/source/security/kubernetes/linux-accounts-password-3dcad436dce4.rst
+++ b/doc/source/security/kubernetes/linux-accounts-password-3dcad436dce4.rst
@ -22,15 +22,21 @@ To change the password expiry period of Linux accounts, run the

 .. code-block:: none

-    [sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M <days_to_expiry> <username>
+    [sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M <days_to_expiry> -I <days_to_inactive> <username>

-For example, to set the maximum number of days before the password must be
-changed to 60 days for a user named ``sysadmin``, you can use the following
-command:
+-   -M <days_to_expiry>: Sets the maximum number of days a password is valid
+    (90 days by default).    
+
+-   -I <days_to_inactive>: Sets the number of days of inactivity after a password 
+    expires before the account is disabled (45 days by default).
+
+For example, to set a maximum password age of 60 days and configure the account
+to be permanently disabled 45 days after the password expires for the user
+``sysadmin``, run the following command:

 .. code-block:: none

-    [sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M 60 sysadmin
+    [sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M 60 -I 45 sysadmin


 Verify Changes
@ -49,10 +55,12 @@ output of ``chage -l <username>`` should be as follows:
 .. code-block:: none

    [sysadmin@controller-0 ~(keystone_admin)]$ chage -l sysadmin
-    Last password change                                : abr 30, 2024
-    Password expires                                    : jun 29, 2024
-    Password inactive                                   : never
+    Last password change                                : Apr 09, 2025
+    Password expires                                    : Jun 08, 2025
+    Password inactive                                   : Jul 23, 2025
    Account expires                                     : never
-    Minimum number of days between password change      : 0
+    Minimum number of days between password change      : 1
    Maximum number of days between password change      : 60
    Number of days of warning before password expires   : 7
+
+    
--- a/doc/source/security/kubernetes/starlingx-system-accounts-system-account-password-rules.rst
+++ b/doc/source/security/kubernetes/starlingx-system-accounts-system-account-password-rules.rst
@ -54,11 +54,7 @@ LDAP, sysadmin, and other Linux accounts):
        other users, including sudo to root, to change other account's password.

 -   After five consecutive incorrect password attempts, the user is locked
-    out for 5 minutes.
-
-    .. note::
-
-        This rule does not apply to the root user.
+    out for 15 minutes.

 For more details on Linux Accounts password rules see:
 :ref:`linux-accounts-password-3dcad436dce4`.