Changing user passwords freaquenly is kind of good habit, in the means of security. No one reveals the password but still there is a way that it could be revealed for some reasons in emergency. For instance one of the user in office is on leave today but he has important matter is in his system, since he can't login he may tell his fried password to login and finish task. So password revealed. As we know user's don't think of chnaging passwords regularly so, why don't admin do some thing forcefully to get them change the password of their system ha ? good idea .
We can do it by chage command not only this, we can a lot. lets see.
If a any user not logged in last 15 days you can set accout to lock, which means inactive and user again come to you to get it active. Only root can activate accoutn.
Set account Expire at given date:
Let's say in your organisation, trainers come for every 2 months.Head office to here, and train staff around for 5 days and leave. So you need to create account for him and get expired on 6th days after he leaves your office.
We can do it by chage command not only this, we can a lot. lets see.
- Chage
- To check the current password aging details
- [root@mail ~]# chage -l test
Last password change : Sep 29, 2011
Password expires : Oct 14, 2011
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
- Set password expiry date :
- [root@mail ~]# chage -M 15 test
- using -M option we can set max. password age / expiry date to 15 days since the date of last password change. So user automatically warned before seven days password expires. 7 days is default time to user get warned to change password.
- Once he logs in on 7th Oct, he get waning message, like
- ssh test@mail
- test@mail's password:
- Warning: your password will expire in 7 days
- Think he neglected to change password even after 7 day's which means after expiry date of password.
- ssh test@mail
- test@mail's password:
- You are reqired to change your password immediately (password aged)
- WARNIG: Your password has expired.
- You must change your password now and login again!
- Chaging password for test
- (current)UNIX password:
- Enter new UNIX password:
- Retype new UNIX password:
If a any user not logged in last 15 days you can set accout to lock, which means inactive and user again come to you to get it active. Only root can activate accoutn.
- [root@mail ~]# chage -I 5 test
Set account Expire at given date:
Let's say in your organisation, trainers come for every 2 months.Head office to here, and train staff around for 5 days and leave. So you need to create account for him and get expired on 6th days after he leaves your office.
- [root@mail ~]# chage -E 2011-10-04 subbu
- [root@mail ~]# chage -l subbu
- Last password change : Sep 29, 2011
Password expires : never
Password inactive : never
Account expires : Oct 04,2011
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7 - Disabling password Aging:
- If you want to remove these password aging settings to any user simple follow below steps, which makes to default settings.
- Min. expiry days set -m 0
- [root@mail ~]# chage -I 5 test
- Max. expiry days set -M 99999
- [root@mail ~]# chage -M 99999 test
- Inactive mode set -I to -1
- [root@mail ~]# chage -I -1 test
- Expiry date set -E to -1
- [root@mail ~]# chage -E -1 test
- or
- [root@mail ~]# chage -m 0 -M 99999 -I -1 -E -1 test
- Above steps makes Aging settings to normal.
0 Comments