In this post we will learn how to manage users password aging using chage command. Chage command is very useful for user management and password policy. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
To change user's password aging use command "chage user_name"
1. To list user account aging information.
# chage -l transfer_user
Last password change : Jun
22, 2012
Password expires : Aug 21,
2012
Password inactive : never
Account expires : never
Minimum number of days between password
change : 7
Maximum number of days between password
change : 60
Number of days of warning before password
expires : 7
|
2. To force user to change password after first login do
# chage
-d0 transfer_user
# chage -l transfer_user
Last password change : password must be
changed
Password expires : password must be
changed
Password inactive : password must be
changed
Account expires : never
Minimum number of days between password
change : 7
Maximum number of days between password
change : 60
Number of days of warning before password
expires : 7
|
3. To change Account Expiration date: Set the date or number of days since January 1, 1970 on which the user´s account will no longer be accessible.
# chage -E 2012-09-01 transfer_user
# chage -l transfer_user
Last password change : Jun 22,
2012
Password expires : Aug
21, 2012
Password inactive : never
Account
expires :
Sep 01, 2012
Minimum number of days between password
change : 7
Maximum number of days between password
change : 60
Number of days of warning before password
expires : 7
|
4. To change password inactive field: Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity.
# chage -I 5 transfer_user
# chage -l transfer_user
Last password change : Jun 22,
2012
Password expires : Aug
21, 2012
Password inactive : Aug
26, 2012
Account expires :
Sep 01, 2012
Minimum number of days between password
change : 7
Maximum number of days between password
change : 60
Number of days of warning before password
expires : 7
|
There are other options we can use with chage commang:
-m: Set the minimum number of days between
password changes to MIN_DAYS.
-M: Set the maximum number of days during
which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current
day, the user will be required to change his/her password before being able to
use his/her account.
-W: Set the number of days of warning
before a password change is required. The WARN_DAYS option is the number of
days prior to the password expiring that a user will be warned his/her password
is about to expire.
If you have any doubts regarding user administration please comment.