How to Manage Password Expiration & Aging Using The passwd Command

In first part we already discussed basic things about passwd command such as what is passwd command and how it’s work. Also, we covered the below two topics.

1) How to set/change the root user password.

2) How to set/change other user’s password.

Today we are going to teach you other options, mainly we are going to focus on password Expiration & Aging part.

1) How to lock user password

We can lock the users password by adding -l option with passwd command, Which will lock the users account permanently.

# Locking user password #
root@2daygeek [~]# passwd -l mageshm
Locking password for user mageshm.
passwd: Success

If the user account password was locked, the user can’t login into him/her account. I have locked mageshm user account and he can’t able to login using him password, see the below output, it shows Permission denied, please try again.

# Trying to login locked user account #
root@2daygeek [~]# ssh [email protected]
[email protected]'s password:
Permission denied, please try again.

2) How to unlock user password

We can unlock the users password by adding -u option with passwd command, Which will unlock the users account permanently.

# Unlocking user password #
root@2daygeek [~]# passwd -u mageshm
Unlocking password for user mageshm.
passwd: Success

Now, the user can able to login him account. See the below output.

# Trying to login unlocked user account #
root@2daygeek [~]# ssh [email protected]
[email protected]'s password:
mageshm@2daygeek [~]$

3) Make the user password expiry immediately

If we are in critical situation (security issue) and want to force the user to change the password immediately, we can do by adding -e option with passwd command.

# Force the user to change password #
root@2daygeek [~]# passwd -e mageshm
Expiring password for user mageshm.
passwd: Success

If the user trying to login him/her account, it will ask the users to change the password immediately, see the below output.

# User need to change password immediately #
root@2daygeek [~]# ssh [email protected]
You are required to change your password immediately (root enforced)

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user mageshm.
Changing password for mageshm.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to 192.168.0.100 closed.

4) How to set minimum password lifetime

We can set the minimum password lifetime to users password by adding -n option with passwd command.

# set minimum password lifetime #
root@2daygeek [~]# passwd -n 0 mageshm
Adjusting aging data for user mageshm.
passwd: Success

See the below output, the user password expiry minimum lifetime has been set to 0.

# Setting password expiry minimum lifetime #
root@2daygeek [~]# passwd -S mageshm
mageshm PS 2015-10-19 0 99999 7 -1 (Password set, SHA512 crypt.)

5) How to set maximum password lifetime

We can set the maximum password lifetime to users password by adding -x option with passwd command.

# set maxmimum password lifetime #
root@2daygeek [~]# passwd -x 99999 mageshm
Adjusting aging data for user mageshm.
passwd: Success

See the below output, the user password expiry maximum lifetime has been set to 99999.

# Setting password expiry maximum lifetime #
root@2daygeek [~]# passwd -S mageshm
mageshm PS 2015-10-19 0 99999 7 -1 (Password set, SHA512 crypt.)

6) How to set warning alert

We can set the warning message (Number of days warning users receives before password expiration) to users password by adding -w option with passwd command.

# set warning message lifetime #
root@2daygeek [~]# passwd -w 7 mageshm
Adjusting aging data for user mageshm.
passwd: Success

See the below output, the user password warning message alert has been set to 7. And user will get alert message before 7 days onwords for password reset.

# set warning message lifetime #
root@2daygeek [~]# ssh [email protected]
[email protected]'s password:
Warning: your password will expire in 6 days

7) How to delete the password for user

We can delete the user password by adding -d option with passwd command. After that you can login the account without password.

# set warning message lifetime #
root@2daygeek [~]# passwd -d mageshm
Adjusting aging data for user mageshm.
passwd: Success

8) How to disable user account

We can disable the user account after password expiry (number of days after password expiration when an account becomes disabled) by adding -i option with passwd command.

# Disable user account #
root@2daygeek [~]# passwd -i -2 mageshm
Adjusting aging data for user mageshm.
passwd: Success

That’s it as of now, will comes with chage command example, Please tune with 2daygeek to get latest LINUX GEEKS….)

About Vinoth Kumar

Vinoth Kumar has 3.5+ years of experience in Linux server administration & RHEL certified professional. He is currently working as a Senior L2 Linux Server administrator.

View all posts by Vinoth Kumar

Leave a Reply

Your email address will not be published. Required fields are marked *