How To Force Users To Change Their Linux LDAP Password

This tutorial shows you How To Force Users To Change Their Linux LDAP Password (Lightweight Directory Access Protocol ) using the chage command. A system administrator’s life is not an easy one. Maintaining system integrity, maintaining security, troubleshooting issues. There are so many spinning plates. When it comes to security you need your users to choose a strong password and you need them to change it periodically.

How To Force Users To Change Their Linux LDAP Password

How To Force Users To Change Their Linux LDAP Password

User Password Expiry Information

To find out about a user’s password expiry information run the following command:

chage -l

The returned information is as follows:

  • When the password was last changed
  • When the password expires
  • How many days of inactivity before the password expires
  • When the account expires
  • Minimum number of days between password changes
  • Maximum number of days between password changes
  • A number of days warning before the password expires.

How To Force A User To Change Their Linux LDAP Password Every 60 Days

You can force a user to change their password after a set number of days by using the following command:

sudo chage -M 60

You will need to use sudo to elevate your permissions to run this command or switch to a user who has the appropriate permissions using the su command.

If you now run the chage -l command you will see that the expiry date is set and the maximum number of days is 60.

You can, of course, specify the number of days that suits your own security policy.

Also Read-

»How To Change Hostname In Ubuntu 17.10 Without Restarting The System.

How To Set The Expiry Date For An Account

Imagine, guest user John and Patrice are visiting your office for a few days.

You can create each of them an account using the following adduser command:

sudo adduser john

sudo adduser patrice

Now that they have accounts you can set their initial passwords using the passwd command as follows:

sudo passwd john

sudo passwd patrice

Imagine that John and Patrice are leaving on the 1st January 2018.

You can set the expiry date for the accounts as follows:

sudo chage -E 2018-01-01 john

sudo chage -E 2018-01-01 patrice

If you run the chage -l command now you should see that the account will indeed expire on the 1st January 2018.

After an account is expired, an administrator can clear the expiration date by running the following command:

sudo chage -E -1 john

Also Read-

»How To Reset Forgotten Kali Linux Root Password.

Set The Number Of Days After The Linux LDAP Password Expires Before The Account Is Locked

You can set the number of days after a password expires when an account becomes locked. For example, if John’s password expired on Monday and the number of inactive days is 3 then John’s account will be locked on Saturday.

To set the number of inactive days run the following command:

sudo chage -I 6 john

The above command will give John 6 days to access his account and change the password before the account becomes locked.

An administrator can clear the lock by running the following command:

sudo chage -I -1 john

How To Warn A User Their Linux LDAP Password Is About To Expire

You can warn a user every time they log in that their password is going to expire.

For example, if you want John to be told that his password is going to expire in the next 10 days run the following command:

sudo chage -W 10 John

Also Read-

»Step By Step Change Root Password In Kali Linux 2018.1.

How To Prevent A User Changing Their Linux LDAP Password Too Often

If a user changes their password every day it probably isn’t a good thing. In order to change your password every day and remember it, you must be using some sort of pattern.

To prevent a user from changing their LDAP password too often you can set a minimum number of days before they can change the password.

sudo chage -m 6 john

It is up to you whether you enforce this option. Most people are lethargic when changing passwords as opposed to being obsessed with it.

You can remove the limit by specifying the following command:

sudo chage -m 0 john

This is how we can force users to change their Linux LDAP Password. If you found this tutorial helpful then Like and Share. If you got something else then feel free to comment.

Mangesh Dhulap

This is Mangesh Dhulap the Founder and Editor of IT SMART TRICKS have 6+ years of Industrial Experience. We expect from our visitors to like, share, and comment on our posts.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.