1.4.2. Password Expiration
When creating user accounts, you should make it a policy to have a minimum and maximum password age, forcing users to change their passwords when they expire.
• To easily view the current status of a user account, use the following syntax:
sudo chage -l username
The output below shows interesting facts about the user account, namely that there are no policies applied:
Last password change : Jan 20, 2015
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
• To set any of these values, simply use the following syntax, and follow the interactive prompts:
sudo chage username
The following is also an example of how you can manually change the explicit expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after password expiration, and a warning time period (-W) of 14 days before password expiration:
sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username
• To verify changes, use the same syntax as mentioned previously:
sudo chage -l username
The output below shows the new policies that have been established for the account:
Last password change : Jan 20, 2015
Password expires : Apr 19, 2015
Password inactive : May 19, 2015
Account expires : Jan 31, 2015
Minimum number of days between password change : 5
Maximum number of days between password change : 90
Number of days of warning before password expires : 14
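The first chage -l output above shows an account with no aging policy (minimum 0, maximum 99999). The following added example, which is not part of the original guide, finds such accounts in bulk by reading shadow(5)-format records. The function names, the sample records, and the thresholds (a maximum of 90 days taken from the chage example above, a minimum of at least 1 day, and an inactivity period being set) are assumptions.

```shell
#!/bin/sh
# Added example: flag accounts whose password-aging fields show no policy.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records (not real accounts or hashes). "alice" matches
# the unconfigured account shown first; "bob" matches the chage example.
sample_shadow() {
cat <<'EOF'
alice:$6$constructed$hash:16455:0:99999:7:::
bob:$6$constructed$hash:16455:5:90:14:30:16466:
svc:!:16455:0:99999:7:::
carol:$6$constructed$hash:16455:0:90:14:::
EOF
}

# audit_aging [MAX_DAYS]  (hypothetical helper; reads records on stdin)
# Assumed policy: max age <= MAX_DAYS (default 90), min age >= 1,
# inactivity period set. Prints "name: reason..." per non-compliant account.
audit_aging() {
    awk -F: -v max="${1:-90}" '
        $2 ~ /^[!*]/ { next }   # locked / no password login: aging is moot
        {
            why = ""
            if ($5 == "" || $5 + 0 > max)
                why = why " max_age=" ($5 == "" ? "unset" : $5)
            if ($4 == "" || $4 + 0 < 1)
                why = why " min_age=" ($4 == "" ? "unset" : $4)
            if ($7 == "")
                why = why " inactive=unset"
            if (why != "") print $1 ":" why
        }'
}

sample_shadow | audit_aging 90
```

On a live system the same function can be fed from `sudo getent shadow`.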