Password and Account ageing on Linux Server

The following is a brief overview of password and account ageing for Linux based servers.

chage is used to list and modification on the expiration parameters of an account.

Each individual user can view their account settings as shown below.

testuser@testServer:~$ chage -l testuser

Last password change : Aug 07, 2009
Password expires : Nov 05, 2009
Password inactive : never
Account expires : Aug 05, 1992
Minimum number of days between password change : 90
Maximum number of days between password change : 90
Number of days of warning before password expires : 7



Also, the non-privileged account can not change their settings using chage. They can just see.

root@testServer:~# chage
Usage: chage [options] [LOGIN]

Options:
  -d, --lastday LAST_DAY        set last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS


Now lets configure password aging for the test user.

Run the command : chage USER_NAME

root@testServer:~# chage testuser
Changing the aging information for testuser
Enter the new value, or press ENTER for the default

Minimum Password Age [0]:
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2009-10-16]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]: 2012-12-31

Verify that the settings took.

root@testServer:~# chage -l testuser
Last password change : Oct 16, 2009
Password expires : Jan 14, 2010
Password inactive : never
Account expires : Dec 31, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

The same can be accomplished using the command line, non-interactively.


root@testServer:~# chage -E 2012-12-31 -I -1 -m 0 -M 90 -W 7 testuser


With the above settings in place, the user should be warned 7 days before the password expires on their account.

If the password is not changed before expiration day, on the next login the user will be forced to change their password.


You can also disable all expiration settings of the ‘testuser’ account.


root@testServer:~# chage -E -1 -I -1 -m 0 -M 99999 testuser

Now the password never expires for testuser

Share this

Related Posts

Previous
Next Post »

What do you think about this Article? Add your Opinion..! EmoticonEmoticon