The Geek Diary

CONCEPTS | BASICS | HOWTO

UNIX / Linux : how to force user to change their password on next login after password has reset

By

The Ask

How to require a user to change their password the next time they login? User must be force to change the password for the first time only after the password has been reset.

1. Using chage command

This can be done using the chage command with -d option. As per man page of chage :

# man chage
....
-d, --lastday LAST_DAY
    Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced to change his password on the next log on.
...

To set the user’s date of last password change to 0 use the command below :

# chage -d 0 [username]

For example to set user’s (testuser) date of last password change to 0 with chage command :

# chage -d 0 testuser

2. Using passwd command

Another way to force user for password change is to use the command passwd with -e option. The -e option expires the current user password forcing user to set a new one on next login. From the man page of passwd command :

-e     This is a quick way to expire a password for an account. The user will be forced to change the password during the next login  attempt. Available  to  root only.

To expire the current password and force user to set a new password use the below command:

# passwd -e [username]

If the user does not remember their old password, give them a temporary password with passwd before running the above command.

Verify

The next time the user authenticates (with their old password), they will be forced to enter a new password. 

# ssh testuser@localhost
testuser@localhost's password: 
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Changing password for testuser.
(current) UNIX password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
Connection to localhost closed.

To verify if the current password has expired or not use the command chage.

# chage -l [username]

You May Also Like