Forcing users to change their password

By: DamianMyerscough

February 21, 2008 1:22 am






When a new user is added to your system, you have to set up a simple default password for them to log in with. Sometimes new users never change the default password, which allows malicious users to crack the account very easily.


There are two possible solutions to this problem. The first is to create a complex default password consisting of alphanumeric characters, which reduces the risk that arises when the user leaves the default password unchanged. The second is to force the user to change their password when they first log in to the system, and with Linux this is very simple.

The first step is to lock the user's account to make sure they cannot log in. Issuing the “usermod” command with the “-L” qualifier will lock the user's account as shown in Figure 1.

linux-w1ie:~ # usermod -L damian

Figure 1: Locking the user's account.

Once the account has been locked, you can issue the “chage” command with the “-d” qualifier to set the date of the last password change to zero, which makes the password expire immediately, as shown in Figure 1.1.

linux-w1ie:~ # chage -d 0 damian

Figure 1.1: Setting the password to expire immediately.

Once you have set the password to expire immediately, you can unlock the user's account using the “usermod” command with the “-U” qualifier as shown in Figure 1.2.

linux-w1ie:~ # usermod -U damian

Figure 1.2: Unlocking the user's account.

The next time the user tries to log in, they will be presented with a message forcing them to change their password as shown in Figure 1.3.

linux-w1ie login: damian
Password change requested. Choose a new password.
Old Password:

Figure 1.3: Logging into the system via terminal.

Users who log in via the GDM interface will also be prompted to change their password. The method explained above is a bit long-winded; the same result can be achieved with one command. Simply issue the “passwd” command with the “-e” qualifier as shown in Figure 1.4.

linux-w1ie:~ # passwd -e damian
Password expiry information changed.

Figure 1.4: Forcing the user to change their password.
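
To check which accounts are actually flagged, the following added example (not part of the original post) classifies shadow(5)-format lines: “usermod -L” prefixes the hash in field 2 with “!”, and “chage -d 0” or “passwd -e” sets field 3 to 0. The function names, account names and sample lines are constructed for illustration, and the hashes are placeholders.

```shell
#!/bin/sh
# Added example: classify shadow(5)-format lines read from stdin.
# Field 2 is the password hash; usermod -L prefixes it with "!".
# Field 3 is the last-change date in days since the epoch; a value of 0
# (set by chage -d 0 or passwd -e) forces a change at the next login.
shadow_state() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comments and malformed lines
        {
            if ($2 == "")              state = "empty-password"
            else if ($2 ~ /^[!*]+$/)   state = "no-login"      # no usable hash
            else if ($2 ~ /^!/)        state = "locked"        # usermod -L
            else                       state = "active"
            if ($3 == "0") state = state ",change-required"
            print $1, state
        }'
}

# Constructed sample: one account at each step of the procedure above,
# plus a system account.
sample_shadow() {
    cat <<'EOF'
newuser:$6$salt$PLACEHOLDERHASH:13930:0:99999:7:::
step1:!$6$salt$PLACEHOLDERHASH:13930:0:99999:7:::
step2:!$6$salt$PLACEHOLDERHASH:0:0:99999:7:::
step3:$6$salt$PLACEHOLDERHASH:0:0:99999:7:::
daemon:*:13900::::::
EOF
}

# Accounts that can log in with a password and are NOT flagged for a
# forced change: the ones that may still hold the default password.
unflagged() {
    shadow_state | awk '$2 == "active" { print $1 }'
}

sample_shadow | shadow_state
```

On a live system, run it as root with `shadow_state < /etc/shadow` or `unflagged < /etc/shadow`.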

Categories: Enterprise Linux, Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.