How to force automatic change of password?

Tim Frost timfrost at xtra.co.nz
Wed Apr 22 10:39:52 UTC 2009


On Tue, 2009-04-21 at 22:15 -0700, Jonathan D. Armendariz wrote:
> Hello,
> 
> I had a question that hopefully I'll be able to articulate successfully. 
> At work the policy is that automatically we have to change out 
> login/network passwords every 60 days or so. Having poked around a bit 
> here (9.04) I failed to see a way to set this up in such a manner on my 
> box. I'm wondering if this is possible and if so, how? Any suggestions 
> would certainly be helpful!

You can set the attributes for an existing user (as long as that user is
not logged in) with:
 sudo passwd  --maxdays 60  <username>
and expire the password (forcing them to change the password at next
login) with
 sudo passwd  --expire <username>
The end result is that:
* the user will have to change their password on next login
* they will have to change the password every 60 days

You may manually edit /etc/shadow and change the settings.  For example,
my system has a locked nobody account, with the following entry:
nobody:*:14287:0:99999:7:::
that says that:
* the password was last changed on day 14287 since epoch
   (the number of days since January 1 1970 00:00:00 GMT, which
    translates here to 12 February 2009, the day I installed this
    system). 
* it can be changed as often as the user wants
* the password is to expire after 99999 days
* warnings that the password is due to expire start 7 days before expiry


Changing the 99999 to 60 is equivalent to the '--maxdays 60' option in
the passwd command above.   But make sure that you don't remove any of
the colon (:) characters, as they are field separators!!!


To set the value for new users that are added, edit /etc/login.defs, and
change PASS_MAX_DAYS from the default of 99999 to 60.


Note that the date comparisons are done based on GMT/UCT.  This means
that I would get a warning on logging in after midday NZST, but would
not have been warned when I logged in during the morning.  Users in the
Americas would get the warning at some time in the evening.

> 
> Kindest regards..
> 

Tim


-- 
Tim Frost <timfrost at xtra.co.nz>
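
The field layout and the GMT day-boundary effect described in the message above, as an added example that is not part of the original post: it decodes the aging fields of /etc/shadow-format lines, checks them against the 60-day policy from the question, and shows why a morning and an afternoon login in NZST fall on different day numbers. Only the "nobody" line comes from the post; the alice and bob lines and all function names are constructed for illustration.

```python
from datetime import date, datetime, timedelta, timezone

EPOCH = date(1970, 1, 1)
POLICY_MAX_DAYS = 60          # the 60-day policy from the question

# Constructed sample in /etc/shadow layout; only the "nobody" line is from the post.
SAMPLE = """\
nobody:*:14287:0:99999:7:::
alice:!:14287:0:60:7:::
bob:!:0:0:60:7:::
"""

def day_to_date(day):
    return EPOCH + timedelta(days=day)

def utc_day(moment):
    """Day number since the epoch for an aware datetime, counted in UTC."""
    return int(moment.timestamp() // 86400)

def parse_entry(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:      # a lost colon shifts every later field
        raise ValueError(f"expected 9 fields, got {len(fields)}: {line!r}")
    num = lambda s: int(s) if s else None   # empty field = not set
    name, last, maxd, warn = fields[0], num(fields[2]), num(fields[4]), num(fields[5])
    entry = {
        "name": name,
        "must_change": last == 0,           # state left by 'passwd --expire'
        "last_change": day_to_date(last) if last else None,
        "max_days": maxd,
        "meets_policy": maxd is not None and maxd <= POLICY_MAX_DAYS,
        "expires": None, "warn_from": None,
    }
    if last and maxd is not None:
        entry["expires"] = day_to_date(last + maxd)
        entry["warn_from"] = day_to_date(last + maxd - (warn or 0))
    return entry

def audit(text):
    return [parse_entry(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e)
    nzst = timezone(timedelta(hours=12))
    for hour in (9, 13):      # same local date, different UTC day number
        t = datetime(2009, 4, 23, hour, 0, tzinfo=nzst)
        print(t.isoformat(), "-> day", utc_day(t))
```

To audit a real system, pass the contents of /etc/shadow (readable only by root) to audit() instead of SAMPLE.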




