For security reasons, it is good practice to require users to change their passwords periodically. To configure password expiration for a user from a shell prompt, use the chage command. The basic syntax of the chage command is :
# chage [option] [username]
The table below lists out the command line options that can be used with the chage command.
chage Command Line Options
|-m days||Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.|
|-M days||Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account.|
|-d days||Specify the number of days since January 1, 1970 the password was changed.|
|-I days||Specify the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.|
|-E date||Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.|
|-W days||Specify the number of days before the password expiration date to warn the user.|
1. To force users to change their passwords the maxdays variable has to be set for that user. An example of how to do this can be found below:
# chage -M 30 [user]
The above will expire the associated users password every 30 days.
2. This can also be done when first assigning a password to a user when creating their account with the command below:
# passwd -x 30 [user]
3. It would also be wise to warn users that their account password is about to expire. This can be done by changing the warndays variable shown below.
# chage -W 4 [user]
This will warn the user 4 days before their password expires that they will need to change their password.
4. To retrieve expiry information about an existing account, use the command below:
# chage -l [user] Minimum: 0 Maximum: 30 Warning: 4 Inactive: -1 Last Change: Mar 03, 2005 Password Expires: Apr 02, 2005 Password Inactive: Never Account Expires: Never