Sharing Knowledge | System Admin Articles

Password and Account ageing on Linux Server



The following is a brief overview of password and account ageing for Linux based servers.

chage is used to list and modification on the expiration parameters of an account.

Each individual user can view their account settings as shown below.

[email protected]:~$ chage -l testuser

Last password change : Aug 07, 2009
Password expires : Nov 05, 2009
Password inactive : never
Account expires : Aug 05, 1992
Minimum number of days between password change : 90
Maximum number of days between password change : 90
Number of days of warning before password expires : 7



Also, the non-privileged account can not change their settings using chage. They can just see.

[email protected]:~# chage
Usage: chage [options] [LOGIN]

Options:
  -d, --lastday LAST_DAY        set last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS


Now lets configure password aging for the test user.

Run the command : chage USER_NAME

[email protected]:~# chage testuser
Changing the aging information for testuser
Enter the new value, or press ENTER for the default

Minimum Password Age [0]:
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2009-10-16]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]: 2012-12-31

Verify that the settings took.

[email protected]:~# chage -l testuser
Last password change : Oct 16, 2009
Password expires : Jan 14, 2010
Password inactive : never
Account expires : Dec 31, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

The same can be accomplished using the command line, non-interactively.


[email protected]:~# chage -E 2012-12-31 -I -1 -m 0 -M 90 -W 7 testuser


With the above settings in place, the user should be warned 7 days before the password expires on their account.

If the password is not changed before expiration day, on the next login the user will be forced to change their password.


You can also disable all expiration settings of the ‘testuser’ account.


[email protected]:~# chage -E -1 -I -1 -m 0 -M 99999 testuser

Now the password never expires for testuser



Labels: Linux, Quick HOWTO

My Profile PhotoAbout the Author

I'm Parthiban, An UNIX System Admin by Profession. I'm Experienced in Linux/Unix System Administration and Scripting. I have done lot of work on the infrastructure Mgmt side in Linux, UNIX and Windows system administration, Hardware, Storage and Data center. I'm blogging since 2008.
Follow Me On Twitter or On Facebook

0 Comments for "Password and Account ageing on Linux Server"

What do you think about this Article? Add your Opinion..!

Back To Top