Controlling User Passwords

Once you have created a user account, you can control the user's access to it. Both the system-config-users and the passwd tool let you lock and unlock a user's account. You use the passwd command with the -l option to lock an account, invalidating its password, and you use the -u option to unlock it.

You can also force a user to change his or her password at given intervals by setting an expiration date for that password. Both system-config-users and the chage command let you specify an expiration limit for a user's password. A user could be required to change his or her password every month, every week, or at a given date. Once the password expires, the user will be prompted to enter a new one. You can issue a warning beforehand, telling the user how much time is left before the password expires. For accounts that you want to close, you can permanently expire a password. You can even shut down accounts that are inactive too long. In the next example, the password for the chris account will stay valid for only seven days. The -M option with the number of days sets the maximum time that a password can be valid.

chage -M 7 chris

Option

Description

-m

Minimum number of days a user must go before being able to change his password

-M

Maximum number of days a user can go without changing her password

-d

The last day the password was changed

-E

Specific expiration date for a password, date in format in yyyy-mm-dd or in commonly used format like mm/dd/yyyy

-I

Allowable account inactivity period (in days), after which password will expire

-W

Warning period, number of days before expiration when the user will be sent a warning message

-l

Display current password expiration controls

Table 28-2 Options for the Chage Command

Table 28-2 Options for the Chage Command

To set a particular date for the account to expire, use the -E option with the date specified mm/dd/yyyy:

chage -E 07/30/2003 chris

To find out what the current expiration settings are for a given account, use the -l option:

chage -l chris

You can also combine your options into one command, chage -M 7 -E 07/30/2003 chris

A listing of the chage options appears in Table 28-2.

0 0

Post a comment