Password expiration attributes in /etc/shadow


Most modern-day UNIX operating systems store password expiration data in /etc/shadow. This expiration data includes the last time a user changed their password, the number of days a user can use a given password, an interval to warn a user that their password is going to expire, etc. There are six fields that apply to password expiration (I don’t count sp_flag, since it’s reserved for future use), and they are described in the shadow(3) manual page:

Field 3: sp_lstchg - days since Jan 1, 1970 password was last changed.
Field 4: sp_min - days before which password may not be changed.
Field 5: sp_max - days after which password must be changed.
Field 6: sp_warn - days before password is to expire that user is warned of pending password expiration.
Field 7: sp_inact - days after password expires that account is considered inactive and disabled.
Field 8: sp_expire - days since Jan 1, 1970 when account will be disabled.

If you are looking for a nifty tool to help visualize this data, you can check out the super useful chage utility.
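To see how the six fields combine, here is an added example (not part of the original post) that parses fields 3 through 8 of a shadow line and derives the dates and account state they imply. The sample line, the function names and the status labels are constructed for illustration, and treating a boundary day as already reached is an assumption.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("sp_lstchg", "sp_min", "sp_max", "sp_warn", "sp_inact", "sp_expire")
SAMPLE = "alice:!:19000:7:90:14:30:19500:"  # constructed line, not a real account

def parse_aging(line):
    """Return fields 3-8 of one shadow line as ints; an empty field becomes None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(parts)}")
    return {k: (int(v) if v else None) for k, v in zip(FIELDS, parts[2:8])}

def to_date(days):
    """Days since Jan 1, 1970 -> calendar date (None passes through)."""
    return None if days is None else EPOCH + timedelta(days=days)

def add(a, b):
    """Sum two day counts, or None when either field is unset."""
    return None if a is None or b is None else a + b

def aging_report(line, today):
    f = parse_aging(line)
    pw_exp = add(f["sp_lstchg"], f["sp_max"])      # password must be changed
    inact = add(pw_exp, f["sp_inact"])             # account disabled after grace
    warn = None if f["sp_warn"] is None else add(pw_exp, -f["sp_warn"])
    now = (today - EPOCH).days
    # Assumption: a boundary day counts as already reached (now >= limit).
    checks = (("account expired", f["sp_expire"]), ("inactive", inact),
              ("password expired", pw_exp), ("warning", warn))
    status = next((s for s, lim in checks if lim is not None and now >= lim), "ok")
    return {
        "last_change": to_date(f["sp_lstchg"]),
        "earliest_change": to_date(add(f["sp_lstchg"], f["sp_min"])),
        "warn_from": to_date(warn),
        "password_expires": to_date(pw_exp),
        "inactive_after": to_date(inact),
        "account_expires": to_date(f["sp_expire"]),
        "status": status,
    }

if __name__ == "__main__":
    for key, value in aging_report(SAMPLE, date(2022, 4, 1)).items():
        print(f"{key:17} {value}")
```

Note that sp_warn and sp_inact are offsets from the password expiry date, while sp_lstchg and sp_expire are absolute day counts since the epoch.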

This article was posted by Matty on 2007-01-21 11:36:00 -0400