5.3 Managing User Password Aging

As you know from working or being on the internet, some services have passwords that expire. You can arrange this in Linux with the chage command.

chage-1.png

Using chage to change user password settings

This will teach you how to use chage in the cli to set the password settings for the user Juliet.

Apparantly, Juliet is dead and we need to lock her account.

Either become root here or add sudo everywhere.

usermod -L juliet

Now attempt to login as Juliet. Make sure you are logged in into your student account!! root can always log in everywhere!

[greater@rhcsa ~]$ su - juliet
Password:
su: Authentication failure

It seems Juliet is still alive so we must unlock the account.

usermod -U juliet

Juliet should now be able to login again.

[greater@rhcsa ~]$ su - juliet
Password:
Last login: Tue Dec 18 12:42:05 UTC 2018 on pts/0
Last failed login: Tue Dec 18 12:42:38 UTC 2018 on pts/0
There were 1 failed login attempts since the last successful login.

   _____  _____   ______         _______  ______  _____
  / ____||  __ \ |  ____|    /\ |__   __||  ____||  __ \
 | |  __ | |__) || |__      /  \   | |   | |__   | |__) |
 | | |_ ||  _  / |  __|    / /\ \  | |   |  __|  |  _  /
 | |__| || | \ \ | |____  / ____ \ | |   | |____ | | \ \
  \_____||_|  \_\|______|/_/    \_\|_|   |______||_|  \_\

  _________
 |_________|

Welcome to rhcsa
You are logged in as: juliet

Juliet seems very fickle. Therefore, we want her to change her password every 90 days.

chage -M 90 juliet

Check the result with the chage command.

chage -l juliet

[greater@rhcsa ~]# sudo chage -l juliet
Last password change								: Dec 18, 2018
Password expires									: Mar 18, 2019
Password inactive									: never
Account expires										: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 90
Number of days of warning before password expires	: 7

However, Juliet might be dead again already. To escape this annoying game, let’s set her password that it needs to be changed at her next login.

chage -d 0 juliet

And when you log in, set her new password to greaterPass

[greater@rhcsa ~]$ su - juliet
Password: 
You are required to change your password immediately (root enforced)
Changing password for juliet.
(current) UNIX password: 
New password: 
Retype new password:

Now let’s have the account expire after 180 days. First we need to know when 180 days ahead is!

date -d "+180 days"

The result of this command, for example, is: Sun Jun 16 12:53:36 UTC 2019. We need this date part of this result in the form [year-month-day]

chage -E 2019-06-16 juliet

Check the result with chage.

[greater@rhcsa ~]# chage -l juliet
Last password change					: Dec 18, 2018
Password expires					: Mar 18, 2019
Password inactive					: never
Account expires						: Jun 16, 2019
Minimum number of days between password change		: 0
Maximum number of days between password change		: 90
Number of days of warning before password expires	: 7