If you have ever worked for a corporation or used IT services at a university, you have undoubtedly been prompted at one time to change your password. It is annoying and seems like a waste of time, but it is important. Running a web server that gives all or some users shell access means you are open to more vulnerabilities than if you were flying solo.

Password aging is one way to make sure users changing their passwords often to lessen the likelihood that would-be attackers can figure them out and exploit them. The “chage” command in Linux allows you to change the number of days between password changes. To set the minimum days (i.e. the number of days before a user must change his/her password) enter:

# chage -m

So, if you want the user called “bob” to change his password in 90 days, you would enter:

# chage -m 90 bob

After 90 days, bob will be prompted for a password change. You can also set expiration dates for accounts and inactive passwords. If you have particularly stubborn users who refuse to use secure passwords, this is a way to prompt them often until they run out of uncreative password ideas. Please use this tool only for good.

(no votes)

0 comments