--- shadow-4.2.1/etc/login.defs	2014-05-09 12:20:28.000000000 +0200
+++ shadow-4.2.1.new/etc/login.defs	2017-04-24 14:00:04.000000000 +0200
@@ -179,8 +179,8 @@
 #
 # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
 #
-ERASECHAR	0177
-KILLCHAR	025
+#ERASECHAR	0177
+#KILLCHAR	025
 #ULIMIT		2097152
 
 # Default initial "umask" value used by login(1) on non-PAM enabled systems.
@@ -200,10 +200,10 @@
 #	PASS_MIN_LEN	Minimum acceptable password length.
 #	PASS_WARN_AGE	Number of days warning given before a password expires.
 #
-PASS_MAX_DAYS	99999
-PASS_MIN_DAYS	0
+PASS_MAX_DAYS	365
+PASS_MIN_DAYS	7
 PASS_MIN_LEN	5
-PASS_WARN_AGE	7
+PASS_WARN_AGE	30
 
 #
 # If "yes", the user must be listed as a member of the first gid 0 group
@@ -282,7 +282,7 @@
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
 # 
-CHFN_RESTRICT		rwh
+CHFN_RESTRICT		frwh
 
 #
 # Password prompt (%s will be replaced by user name).
@@ -304,7 +304,7 @@
 #
 # This variable is deprecated. You should use ENCRYPT_METHOD instead.
 #
-#MD5_CRYPT_ENAB	no
+MD5_CRYPT_ENAB	yes
 
 #
 # Only works if compiled with ENCRYPTMETHOD_SELECT defined: