Red Hat linux 6 password aging polocies

To modify your password aging policies you want to modify your /etc/login.defs file. This is what a standard file looks like before modification.

# Please note that the parameters in this configuration file control the
# behavior of the tools from the shadow-utils component. None of these
# tools uses the PAM mechanism, and the utilities that use PAM (such as the
# passwd command) should therefore be configured elsewhere. Refer to
# /etc/pam.d/system-auth for more information.
#

# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define both, MAIL_DIR takes precedence.
# QMAIL_DIR is for Qmail
#
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local

#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes

# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077

# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512

It can also be useful to see the status of a account

sysutil1:/root # chage -l username
Last password change : Mar 07, 2013
Password expires : Jun 05, 2013
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

As you can see above the “Password expires” date is before today so the user is not able to log in. Issue the fowling command to allow them to log in

# chage -M 9000 username
chage -l username
Last password change : Mar 07, 2013
Password expires : Oct 27, 2037
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 9000
Number of days of warning before password expires : 7