For security reasons, it is good practice to require users to change their passwords periodically. To configure password expiration for a user from a shell prompt, use the chage command. The basic syntax of the chage command is :
# chage [option] [username]
The table below lists out the command line options that can be used with the chage command.
chage Command Line Options
| Option | Description |
|---|---|
| -m days | Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire. |
| -M days | Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account. |
| -d days | Specify the number of days since January 1, 1970 the password was changed. |
| -I days | Specify the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires. |
| -E date | Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. |
| -W days | Specify the number of days before the password expiration date to warn the user. |
Examples:
1. To force users to change their passwords the maxdays variable has to be set for that user. An example of how to do this can be found below:
# chage -M 30 [user]
The above will expire the associated users password every 30 days.
2. This can also be done when first assigning a password to a user when creating their account with the command below:
# passwd -x 30 [user]
3. It would also be wise to warn users that their account password is about to expire. This can be done by changing the warndays variable shown below.
# chage -W 4 [user]
This will warn the user 4 days before their password expires that they will need to change their password.
4. To retrieve expiry information about an existing account, use the command below:
# chage -l [user]
Minimum: 0
Maximum: 30
Warning: 4
Inactive: -1
Last Change: Mar 03, 2005
Password Expires: Apr 02, 2005
Password Inactive: Never
Account Expires: Never