Tuesday, December 22, 2009

Force your users to change their passwords frequently

 

Users of a Linux computer should always take care about security, and if you are the admin of a Linux box with lots of users, you are responsible for its security. You may want to "force" the other users to change their passwords from time to time. To do this, use the command chage.

Apply this to a user, let's say johnny:

sudo chage --list johnny

Something like this may appear:

$ sudo chage --list johnny

Last password change : Dec 10, 2009

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7

Now let's change the password expiry date.

sudo chage -M 30 johnny

This makes the password expire 30 days after the date of the last change.

See now the new info:

$ sudo chage --list johnny

Last password change : Dec 10, 2009

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 30

Number of days of warning before password expires : 7

Now when I tried to log in as johnny, this is what I got:

$ su - johnny

Password:

You are required to change your password immediately (password aged)

Changing password for johnny.

(current) UNIX password:

Enter new UNIX password:

Retype new UNIX password:

Password unchanged

Enter new UNIX password:

Retype new UNIX password:

I tried to use the same password again, but Linux refused to let me use it, so I was forced to pick a new password.

It is good to set the warning period to 3 or more days, so the user has time to think of a good new password. Otherwise he or she will use the first thing read nearby, resulting in a weak password, which is worse than not changing the original one.

To set the warning days, use this command:

sudo chage -W 4 johnny

Now let's check the info for user johnny:

$ sudo chage --list johnny

Last password change : Nov 11, 2009

Password expires : Dec 10, 2009

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 30

Number of days of warning before password expires : 4

Now you can see that the new expiry date is Dec 10, 2009, and he will get a 4-day warning before his password expires.
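The same two settings can be checked for every account at once instead of one chage --list at a time. The script below is an added example, not part of the original post: a hypothetical helper, audit_aging, reads shadow(5)-format lines and flags accounts whose maximum age exceeds 30 days or whose warning period is under 3 days, printing the chage command from this post that would fix each one. The sample lines, hashes and day counts are constructed.

```shell
#!/bin/sh
# Added example. Reads shadow(5)-format lines on stdin:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and TODAY are counted in days since 1970-01-01.
# Usage: audit_aging MAX_DAYS MIN_WARN_DAYS TODAY   (hypothetical helper)
audit_aging() {
    awk -F: -v max="$1" -v warn="$2" -v today="$3" '
    $2 ~ /^[!*]/ { next }   # locked or no-login account: no password to age
    {
        status = "OK"; fix = ""
        if ($5 == "" || $5 + 0 > max) {           # e.g. 99999 as in the first listing
            status = "NO_EXPIRY_POLICY"; fix = " -M " max
        } else if ($3 != "" && $3 + 0 == 0) {     # lastchg 0: change at next login
            status = "CHANGE_AT_NEXT_LOGIN"
        } else if ($3 != "" && today > $3 + $5) { # past lastchg + max
            status = "EXPIRED"
        }
        if ($6 == "" || $6 + 0 < warn) {          # too little notice before expiry
            if (status == "OK") status = "SHORT_WARNING"
            fix = fix " -W " warn
        }
        if (fix != "") fix = ": sudo chage" fix " " $1
        print $1 " " status fix
    }'
}

# Constructed sample input (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:*:14500:0:99999:7:::
johnny:$6$constructed:14588:0:99999:7:::
alice:$6$constructed:14590:0:30:2:::
bob:$6$constructed:14550:0:30:7:::
carol:$6$constructed:14595:0:30:4:::
dave:$6$constructed:0:0:30:7:::
EOF
}

# Policy from this post: 30-day maximum, at least 3 warning days.
sample_shadow | audit_aging 30 3 14600
```

On a real system, feed it the output of sudo cat /etc/shadow and pass the current day count (Unix time in seconds divided by 86400) as the third argument.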

 
Things You Should Know About Linux !!!