In multi-user Linux environment, it's a standard practice to create user accounts with some random default password. Then after a successful login, a new user can change the default password to his or her own. For security reasons, it is often recommended to "force" users to change the default password after the first login to make sure that the initial one-time password is no longer used.
Here is how to force a user to change his or her password on the next login.
Every user account in Linux is associated with various password-related configurations and information. For example, it remembers the date of the last password change, the minimum/maximum number of days between password changes, and when to expire the current password, etc.
A command-line tool called chage can access and adjust password expiration related configurations. You can use this tool to force password change of any user at the next login.
To view password expiration information of a particular user (e.g., alice), run the following command. Note that you need root privilege only when you are checking password age information of any other user than yourself.
Force Password Change for a User
If you want to force a user to change his or her password, use the following command.
Originally the "-d <N>" option is supposed to set the "age" of a password (in terms of the number of days since January 1st, 1970 when the password was last changed). So "-d0" indicates that the password was changed on January 1st, 1970, which essentially expires the current password, and causes it to be changed on the next login.
Another way to expire the current password is via passwd command.
The above command has the same effect of "chage -d0", making the current password of the user expire immediately.
Now check the password information of the user again, and you will see:
When you log in again, you will be asked to change the password. You will need to verify the current password one more time before the change.
To set more comprehensive password policies (e.g., password complexity, reuse prevention), you can use PAM. See the article for more detail.
Subscribe to Ask Xmodulo
Do you want to receive Linux related questions & answers published at Ask Xmodulo? Enter your email address below, and we will deliver our Linux Q&A straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!