How Do You Get Passwords to Expire for Existing Users?

Problem scenario
You want passwords to rotate periodically for all users. You modified the /etc/login.defs file, and new users are inheriting the temporal rotational policies for passwords. How can pre-existing accounts be forced to periodically change their password?

Use this command for every password (but replace "jdoe" with the user you want to change and replace "30" with the number of days you want the password to last for before the user is forced to change it):

sudo chage -M 30 jdoe

# The user can still log in one more time after expiration.  The user will be forced at that log in to change their password.

# This will change the immediate future expiration date of the user's password.
# The user's password will forever need to change after the 30 days (or whatever number you entered).
# It is permanent (not a one-time expiration).

Leave a comment

Your email address will not be published. Required fields are marked *