This configuration parameter specifies how many days before a password expires the PAM-enabled applications should start issuing the pam.password.expiry.warn.mesg to the user.

The parameter value must be a positive integer. For example, to issue a password expiration warning 10 days before a password is set to expire:

pam.password.expiry.warn: 10

If this parameter is not present, the default value is 14 days.