When a new user is added to your system you have to setup a simple default password for them to login with, sometimes new users never change the default password thus allowing malicious users to crack the account very easily.
There are two possible solutions to this problem, the first solution is to create a complex default password which consists of alphanumerical characters. This solution helps prevent the risk of the user leaving the default password unchanged. The second solution is to force the user to change their password when they first login to the system and with Linux this is very simple.
The first step you should do is lock the users account to make sure they cannot login, issuing the “usermod” command with the “-L” qualifier will lock the users account as shown in Figure 1.
linux-w1ie:~ # usermod -L damian
Figure 1: Locking the users account.
Once the account has been locked you can issue the “chage” command with the “-d” qualifier to set the expiry date to zero as shown in Figure 1.1.
linux-w1ie:~ # chage -d 0 damian
Figure 1.1: Set password to expiry immediately.
Once you have set the password to expiry immediately you can unlock the users account using the “usermod” command with the “-U” qualifier as shown in Figure 1.2.
linux-w1ie:~ # usermod -U damian
Figure 1.2: Unlocking the users account.
The next time the user tries to login they will be presented with a message forcing them to change their password as shown in Figure 1.3.
linux-w1ie login: damian Password: Password change requested. Choose a new password. Old Password:
Figure 1.3: Logging into the system via terminal.
If the user also logs in via the GDM interface they will also be prompted to change their password. The above method we just explained is a bit long winded, this process can be done with one command, simply issue the “passwd” command with the “-e” qualifier as shown in Figure 1.4.
linux-w1ie:~ # passwd -e damian Password expiry information changed.
Figure 1.4: Forcing the user to change their password.