LinuxQuestions.org


BhushanPathak 07-10-2014 04:06 AM

Force change password for users in linux, without terminating the shell session
 
Hello,

I am using CentOS 6.5 64 bit OS. I used chage command to force users to change their password on next login, for ex -

Code:

chage -d 0 admin

This forced the user to change the password, but terminated the session & the user was required to re-login with the new password.

Is there any way, any other command to avoid the session termination at the end of a successful password change?

Another thing I noted was that this command did not work for root user. The root user was not forced to change password. Anything I am missing here?

Thanks
Bhushan Pathak

looop 07-10-2014 05:23 AM

To my knowledge you can't force GOD (root) to do anything, including changing the password.

BhushanPathak 07-10-2014 06:12 AM

ok, what about the session termination on successful password change?

looop 07-10-2014 06:16 AM

It is a million years since I did IDM and user management, so my memory is a little rusty on this subject. So instead of getting your hopes up, I hope another person will give you an answer to that question :)

pan64 07-10-2014 06:18 AM

I do not really understand: what do you mean by session termination? Kicking off the root user means reboot. If you want to change the password of root just do that.

looop 07-10-2014 06:26 AM

@pan64 - He/she wants to be able to change the password of a normal user, without terminating the user's sessions. Then he asked if it was possible to force root to change password.
Two different questions.

pan64 07-10-2014 06:37 AM

see man passwd:
Code:

      -e, --expire
          Immediately expire an account's password. This in effect can force a user to change his/her password at the user's next
          login.

only root can use it. but actually there is no meaning to force myself (root as root) to change password

BhushanPathak 07-11-2014 02:16 AM

Anyone about the session termination on successful password change - how to avoid that?

Thanks
Bhushan Pathak

looop 07-11-2014 02:49 AM

@BhushanPathak as pan64 writes, see the man page, so what you do as root is:

Code:

passwd -e #username#

So the next time he/she tries to log on to the system they have to change the password; this does not kill the current session.

BhushanPathak 07-11-2014 03:52 AM

I tried that out. I executed the following as root -

Code:

# passwd -e admin
Expiring password for user admin.
passwd: Success

I then opened a new SSH session & logged in as admin user, but I was not forced to change my password.
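Added example, not part of the original posts: both `chage -d 0` and `passwd -e` work by setting the last-change field (field 3) of the user's shadow entry to 0, so one way to confirm what was actually recorded is to read that field. The helper name `aging_state`, the sample accounts and the fixed day number are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify password-aging state from shadow(5)-format lines.
# Field 3 = last change (days since 1970-01-01): 0 means "must change at next
# login", empty means aging is disabled. Field 5 = maximum password age (days).

# aging_state FILE USER [TODAY_IN_DAYS]  (hypothetical helper name)
# Prints: forced-change | aging-disabled | expired | ok | no-such-user
aging_state() {
    file=$1
    user=$2
    today=${3:-$(( $(date +%s) / 86400 ))}
    awk -F: -v u="$user" -v today="$today" '
        $1 == u {
            found = 1
            if ($3 == "")                         print "aging-disabled"
            else if ($3 + 0 == 0)                 print "forced-change"
            else if ($5 != "" && $3 + $5 < today) print "expired"
            else                                  print "ok"
            exit
        }
        END { if (!found) print "no-such-user" }
    ' "$file"
}

# Constructed sample in shadow format (not real accounts or hashes).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
admin:$6$constructed$hash:0:0:99999:7:::
alice:$6$constructed$hash:16261:0:90:7:::
bob:$6$constructed$hash:16000:0:90:7:::
svc:!!::0:99999:7:::
EOF

# 16262 = 2014-07-11 expressed in days since the epoch, fixed for repeatability.
for u in admin alice bob svc nobody; do
    printf '%s: %s\n' "$u" "$(aging_state "$SAMPLE" "$u" 16262)"
done
```

On a live host, run `aging_state /etc/shadow admin` as root; this only inspects the local shadow file and says nothing about accounts served from LDAP or another NSS source.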

pan64 07-11-2014 03:55 AM

how did you try that? With passwordless login?

BhushanPathak 07-11-2014 03:59 AM

Nope, I provided username & old password for admin user, but was not prompted for changing the password, like in the case when chage command is used.

pan64 07-11-2014 04:01 AM

what is the user id of admin?
what is in /etc/nsswitch.conf?

BhushanPathak 07-11-2014 04:10 AM

Following are the details -
Code:

# id admin
uid=783(admin) gid=783(admin) groups=783(admin)


# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#      nisplus                Use NIS+ (NIS version 3)
#      nis                    Use NIS (NIS version 2), also called YP
#      dns                    Use DNS (Domain Name Service)
#      files                  Use the local files
#      db                      Use the local database (.db) files
#      compat                  Use NIS on compat mode
#      hesiod                  Use Hesiod for user lookups
#      [NOTFOUND=return]      Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:    db files nisplus nis

passwd:    files
shadow:    files
group:      files

#hosts:    db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:  nisplus [NOTFOUND=return] files
#networks:  nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:    nisplus [NOTFOUND=return] files
#netmasks:  nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:    files
netmasks:  files
networks:  files
protocols:  files
rpc:        files
services:  files

netgroup:  nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus


jguillem 02-20-2018 04:30 AM

I have understood you
 
Same here.
In my case I'm using LDAP authentication.
When the parameter shadowLastChange is zero or less, the user is forced to change the password during the first authentication.
The problem is: once the authentication is made and the user has changed his passwd, the session closes with the error "password change failed: Invalid credentials".
However, the password is changed and in the next login the new passwd works correctly.

ssh lguillem@127.0.0.1
lguillem@127.0.0.1's password:
You are required to change your password immediately (root enforced)
need a new password
Last login: Fri Feb 16 13:23:15 2018 from gateway
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user lguillem.
(current) LDAP Password:
New password:
Retype new password:
password change failed: Invalid credentials
passwd: all authentication tokens updated successfully.
Connection to 127.0.0.1 closed.

