“chage” command is used for checking the user password related information. Such as, password expiry date and min & max days for password change etc.
Syntax:
Chage -l user-name
“-l” option will list the user password information.
Example output of this command is given below,
[root@linbox1 log]# chage -l john
Last password change : never
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Last password change : never
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Now, to change the settings of the password, remove “-l” option and type the same command.
Syntax:
chage user-name
Example output:
It will ask to change each option step by step.
We can assign new values against the section. If we want to specify default values, then we can simply press enter. The same is highlighted in below output.
[root@linbox1 log]# chage admin
Changing the aging information for admin
Enter the new value, or press ENTER for the default Minimum Password Age [0]: 2
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [-1]:
Password Expiration Warning [7]: 3
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:
Changing the aging information for admin
Enter the new value, or press ENTER for the default Minimum Password Age [0]: 2
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [-1]:
Password Expiration Warning [7]: 3
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:
Disabling the password aging for a user:
Let’s ask ourselves a question, that why in the first place we want to stop aging of a user password?
“It could be a non-human user account or application account for which, we don’t want the password to be expired.”
The command for this is #chage –l -1 –m 0 –M 99999 –E -1 <user_name>
- -I -1 : This will set the “Password inactive” to never
- -m 0 : This will set the minimum number of days between password change to 0
- -M 99999 : This will set the maximum number of days between password change to 99999
- -E -1 : This will set “Account expires” to never.
[root@sys2 ~]# chage -I -1 -m 0 -M 99999 -E -1 john
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Enable password expiry of a user
Practical usage,
According to organization security standards, we might want to force user to change their machine password for every certain period.
Command Syntax:
chage –M 20 user-name
as seen “-m” option for giving the max day’s limit for password change. Sample example is,
[root@sys2 ~]# chage -M 20 john
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : Feb 15, 2016
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : Feb 15, 2016
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
Set the expiry date for password
Practical usages,
Forcing every user to change their password on a particular date.
Might want to disable someone account and their final date with organization or team is finalized.
Command syntax:
chage –E “YYYY-MM-DD” user-name
Command example output,
[root@sys2 ~]# chage -E "2016-05-28" john
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : Feb 15, 2016
Password inactive : never
Account expires : May 28, 2016
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
[root@sys2 ~]# chage -l john
Last password change : Jan 26, 2016
Password expires : Feb 15, 2016
Password inactive : never
Account expires : May 28, 2016
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
Setting warning for password change
This will be helpful in notifying the user about the password change beforehand.
chage –W 10 <user name>
Above property setup will inform or notify the user 10 days before the expiry date. And from that day onwards, everyday notification is sent till password is updated.
How user will be notified about the password change?
User should change the password in next login:
This will be helpful for the users to update their password to their desired string.
Practical usages,
System admin reset the password to some random string. We have shared the same password to user and user can update it to his desired password.
First time account is created with help of automated tools and want to provide an option for user to change their password.
Command syntax:
chage –d 0 user-name
[root@sys2 ~]# chage -d 0 john
Now, when john tries to login with his credentials, then he would be asked to change the password to new value.
Note:
If you have answers for above questions then you are good. If din’t find one, then click on any question to redirect to the answer on the page.
Posts
![IVRAMANA](https://draft.blogger.com/img/profile_blank_gray.jpg" title="IVRAMANA)
0 comments:
Post a Comment