Force Linux User to Change Password


If we create a user account with a default password, we can use this trick to force the user to change that default password the first time they log in. This will hopefully improve the security of their account. We can achieve this in two ways.

1) Using passwd command

2) Using chage command

 

 Using passwd Command

The passwd command is used to change the password of a user account. A normal user can run passwd to change their own password, and the root user can use passwd to change another user’s password or define how each user account’s password can be used or changed.

To force a user to change their password, we use the passwd command with the -e or --expire switch. Either switch expires the current password of the user account, forcing the user to change it to a new one on next login.

# passwd --expire test

Expiring password for user test.

passwd: Success

To verify the password expiration and aging information of user account test, we can use the chage command.

# chage -l test

Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

After the password expiration has been set, the user will get the below screen on next login.

ssh test@159.89.174.23
test@159.89.174.23's password:
You are required to change your password immediately (root enforced)
Last login: Tue Mar 13 04:22:24 2018 from 202.83.46.160
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user test.
Changing password for test.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to 159.89.174.23 closed.

 

Using chage command

The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

Alternatively, we can use the chage command with the -d or --lastday switch.

-d, --lastday LAST_DAY
Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced to change his password on the next log on.

For this, we run the below command.

# chage --lastday 0 test1

This command tells the server that the password has not been changed since day 0 (i.e. January 1st, 1970), so the password is treated as expired and needs to be changed immediately before the user can access the server again.

To verify the password expiration and aging information of user account test1, we can use the below command.

# chage -l test1

When the user test1 tries to log in to the server after the password expiration has been set, the user will get the below screen and be forced to change the password.

$ ssh test1@159.89.174.23
test1@159.89.174.23's password:
You are required to change your password immediately (root enforced)
Last login: Tue Mar 13 05:33:55 2018 from 202.83.46.160
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user test1.
Changing password for test1.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

It is always recommended to remind users to change their account passwords regularly for security reasons. So we can use the above methods for forcing the user to change their password.
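
To check which accounts are actually in the forced-change state, the following added example (not part of the original article) reads shadow(5)-format lines, where field 3 is the last-change day that passwd -e and chage -d 0 set to 0, and reports each account as forced, expired, no-aging or ok. The function names, the sample entries and the day number 17603 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads shadow(5)-format lines on stdin and prints "user status".
# Field 3 = day of last password change, counted from 1970-01-01:
#   0     -> change required at next login (passwd -e / chage -d 0)
#   empty -> password aging disabled
# Field 5 = maximum password age in days.

audit_shadow() {    # usage: audit_shadow TODAY_IN_DAYS < shadow-file
    awk -F: -v today="$1" '
        /^#/ || NF < 5 { next }       # skip comments and malformed lines
        {
            last = $3; max = $5
            if (last == "")            status = "no-aging"
            else if (last ~ /^0+$/)    status = "forced"
            else if (max ~ /^[0-9]+$/ && last + max < today) status = "expired"
            else                       status = "ok"
            print $1, status
        }'
}

# Return non-zero unless every named user is in the "forced" state.
# usage: require_forced TODAY_IN_DAYS user... < shadow-file
require_forced() {
    today=$1; shift
    report=$(audit_shadow "$today") || return 2
    for u in "$@"; do
        printf '%s\n' "$report" | grep -qxF "$u forced" || {
            echo "NOT forced: $u" >&2; return 1; }
    done
}

# Constructed sample entries; the hash field is a placeholder, not a real hash.
sample_shadow() {
    cat <<'EOF'
test:$6$placeholder$hash:0:0:99999:7:::
test1:$6$placeholder$hash:0:0:99999:7:::
alice:$6$placeholder$hash:17500:0:90:7:::
bob:$6$placeholder$hash:17600:0:90:7:::
svc:*::0:99999:7:::
EOF
}

# 17603 is 2018-03-13 expressed as days since 1970-01-01 (constructed "today").
sample_shadow | audit_shadow 17603
```

On a live system, feed the real file as root and compute today's day number with `$(( $(date +%s) / 86400 ))`.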

 
