Linux: Force Users To Change Their Password Upon First Login

How can you force user to change their password upon first login in Red Hat, CantOS, Fedora or apt based distributions such as Ubuntu?

You can use following tools to modify a linux users properties:

  • [usermod] command accept various parameters to change the user account parameters.
  • [chage] command is another alternate option to setup account lockouts, password expiries etc.

 

Doing a quick help on “chage” command you will see few options as shown below. These options determines the password aging parameters which can force users to change their passwords upon first login

[root@rh1t ~]# chage -l
Usage: chage [options] LOGIN

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

 

Force Users To Change Their Password Upon First Login

[root@rh1t ~]# chage -d 0 test

Above command will force users to change their password upon first login i.e. User was able to authenticate with valid username and password at least once.

Further Reading

“man” pages are always our best friends to learn more about command and its parameters. Feel free to do a man chage to unleash the power of chage command.

Share your thoughts

*