Verify the account identifiers (individuals, groups, roles, and devices) are disabled after
or less days of inactivity by
checking the account inactivity value with the following command:
grep 'inactive\|pam_unix' /etc/pam.d/password-auth | grep -w auth
auth required pam_lastlog.so inactive=35
auth sufficient pam_unix.so
The line with the inactive parameter should be placed before pam_unix.so module as in
the example output.