Pawan Sharma | July 16, 2012

Chage command for password ageing policy

In this post we will learn how to manage user password aging with the chage command. chage is useful for user management and for enforcing password policy. It changes the number of days between password changes and the date of the last password change. The system uses this information to determine when a user must change his/her password.

To change a user's password aging, use the command "chage user_name".

1. To list user account aging information:


# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


2. To force the user to change the password at the next login:


# chage -d0 transfer_user
# chage -l transfer_user
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


3. To change the account expiration date: set the date, or the number of days since January 1, 1970, on which the user's account will no longer be accessible.


# chage -E 2012-09-01 transfer_user
# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : never
Account expires                                         : Sep 01, 2012
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


4. To change the password inactive field: set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity.


# chage -I 5 transfer_user
# chage -l transfer_user
Last password change                                    : Jun 22, 2012
Password expires                                        : Aug 21, 2012
Password inactive                                       : Aug 26, 2012
Account expires                                         : Sep 01, 2012
Minimum number of days between password change          : 7
Maximum number of days between password change          : 60
Number of days of warning before password expires       : 7


There are other options we can use with the chage command:
  -m: Set the minimum number of days between password changes to MIN_DAYS.

  -M: Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account.

  -W: Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire.
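
How the aging fields set above combine into a login-time decision, as an added example (not code from the original post or from chage itself). The helper name aging_state and the sample line are hypothetical and constructed; the day boundaries follow the wording of the options above, and real login stacks may differ by one day.

```sh
#!/bin/sh
# Added example (not from the original post): classify one shadow(5)-style
# line for a given day number, both counted in days since January 1, 1970.
# Field order: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# aging_state is a hypothetical helper; boundaries follow the post's wording
# and real login stacks may differ by one day.
aging_state() {
    today=$2
    IFS=: read -r _name _hash lastchg _min max warn inactive expire _rest <<EOF
$1
EOF
    # -E: account is unusable from the expiration day on, whatever the password age.
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account_expired; return
    fi
    # -d0 stores 0: password must be changed at the next login.
    if [ "$lastchg" = 0 ]; then echo must_change; return; fi
    # Without a last-change day or a maximum, the password never ages.
    if [ -z "$lastchg" ] || [ -z "$max" ]; then echo ok; return; fi
    pw_expires=$((lastchg + max))              # "Password expires"
    # -I: locked once the inactivity window after expiry has passed.
    if [ -n "$inactive" ] && [ "$today" -gt $((pw_expires + inactive)) ]; then
        echo inactive_locked; return
    fi
    # -M: expired when LAST_DAY + MAX_DAYS is less than the current day.
    if [ "$today" -gt "$pw_expires" ]; then echo password_expired; return; fi
    # -W: warn during the last WARN_DAYS days before expiry.
    if [ -n "$warn" ] && [ "$today" -ge $((pw_expires - warn)) ]; then
        echo warning; return
    fi
    echo ok
}

# Constructed sample matching the post's output: last change Jun 22, 2012
# (day 15513), min 7, max 60, warn 7, inactive 5, account expires Sep 01, 2012
# (day 15584). The "!" is a placeholder for the password hash.
sample='transfer_user:!:15513:7:60:7:5:15584:'
for day in 15513 15566 15574 15579 15584; do
    printf '%s -> %s\n' "$day" "$(aging_state "$sample" "$day")"
done
```

Running the same function over every line of a copy of the shadow file gives a quick audit of which accounts are about to expire or are already locked by inactivity.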

If you have any doubts regarding user administration, please comment.
