chage command

samalchow · 01-26-2014, 07:29 PM

So I've changed this setting, just to play around with it, for my default user to '2'.

But let I can freely change my password multiple times during the day. Is there something that needs to get restarted before the changes take affect?

myatthu · 01-27-2014, 03:17 AM

Can you put the output of chage -l

Code:

chage -l <username>

samalchow · 01-27-2014, 07:09 PM

Last password change : Jan 27, 2014
Password expires : Feb 21, 2014
Password inactive : never
Account expires : never
Minimum number of days between password change : 2
Maximum number of days between password change : 25
Number of days of warning before password expires : 7

myatthu · 01-27-2014, 10:00 PM

It is strange. How do you try to change password?
For your reference, below is my test account.

Code:

chage -l testuser
Last password change                                    : Jan 28, 2014
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 1
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

That is feedback message

Code:

Changing password for testuser.
(current) UNIX password:
You must wait longer to change your password
passwd: Authentication token manipulation error
passwd: password unchanged

samalchow · 01-27-2014, 11:19 PM

Using the passwd command

Is there other ways of changing it?

myatthu · 01-27-2014, 11:55 PM

Do you enable shadow file? Run pwconv to enable it.

Code:

pwconv

samalchow · 01-28-2014, 06:10 PM

Quote:

Originally Posted by myatthu

Do you enable shadow file? Run pwconv to enable it.

Code:

pwconv

What will that do?

myatthu · 01-28-2014, 06:42 PM

chage command required shadow password enabled

clacour · 01-29-2014, 02:19 PM

Quote:

Originally Posted by samalchow

What will that do?

It will move the passwords out of /etc/passwd, and into a file called /etc/shadow. /etc/shadow is normally much more restricted than /etc/passwd, so people can't get the passwords and try a dictionary attack on them.

If this is your own machine, I'd recommend it - it's much more secure.

If this machine doesn't belong to you (belongs to the company, for example), get the ok before doing it. I can't imagine any company knowingly NOT using shadow passwords, but still not a good idea to change things without warning them.