The Geek Diary

UNIX / Linux: How to force a user to change their password on next login after the password has been reset

By admin

The Ask

How do you require a user to change their password the next time they log in? The user must be forced to change the password only once, at the first login after the password has been reset.

1. Using chage command

This can be done using the chage command with the -d option. From the chage man page:

# man chage
....
-d, --lastday LAST_DAY
    Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced to change his password on the next log on.
...

To set the user’s date of last password change to 0, use the command below:

# chage -d 0 [username]

For example, to set the date of last password change to 0 for the user testuser:

# chage -d 0 testuser

2. Using passwd command

Another way to force a password change is to use the passwd command with the -e option. The -e option expires the user's current password, forcing the user to set a new one on next login. From the man page of the passwd command:

-e     This is a quick way to expire a password for an account. The user will be forced to change the password during the next login attempt. Available to root only.

To expire the current password and force the user to set a new password, use the command below:

# passwd -e [username]

If the user does not remember their old password, give them a temporary password with passwd before running the above command.

Verify

The next time the user authenticates (with their old password), they will be forced to enter a new password.

# ssh testuser@localhost
testuser@localhost's password: 
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Changing password for testuser.
(current) UNIX password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
Connection to localhost closed.

To check whether the current password has expired, use the chage command with the -l option:

# chage -l [username]
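
To check many accounts at once rather than one chage -l call per user, the following added example (not part of the original article) reads shadow(5)-format data and reports which accounts have the last-change field set to 0, the value that both chage -d 0 and passwd -e write. The function names shadow_status and pending_users are hypothetical, and the sample entries are constructed; on a real host, point the functions at /etc/shadow as root.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format data for accounts with a forced
# password change pending. Field 3 (last change, in days since 1970-01-01)
# is the value that `chage -d 0` and `passwd -e` set to 0.

# shadow_status FILE
# Prints "user:status" for each account:
#   must-change  field 3 is 0, a change is forced at next login
#   no-aging     field 3 is empty, password aging is disabled
#   changed=N    password was last changed on day N
# A "+locked" suffix marks password fields starting with ! or *.
shadow_status() {
    awk -F: '
        NF < 3 { next }                      # skip blank or malformed lines
        {
            if ($3 == "")            s = "no-aging"
            else if ($3 ~ /^0+$/)    s = "must-change"
            else                     s = "changed=" $3
            if ($2 ~ /^[!*]/)        s = s "+locked"
            print $1 ":" s
        }' "$1"
}

# pending_users FILE
# Prints only the unlocked accounts that will be prompted at next login.
pending_users() {
    shadow_status "$1" | awk -F: '$2 == "must-change" { print $1 }'
}

# Constructed sample data (placeholder hashes, not taken from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:$6$placeholder$hash:18500:0:99999:7:::
testuser:$6$placeholder$hash:0:0:99999:7:::
svcacct:!!:0:0:99999:7:::
legacy:$6$placeholder$hash::0:99999:7:::
EOF

shadow_status "$SAMPLE"
echo "pending: $(pending_users "$SAMPLE" | tr '\n' ' ')"
```

An account that stays in the must-change state long after a reset has not logged in since, which usually means the temporary password is still valid and worth following up on.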

© 2021 · The Geek Diary