LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   How do I force password reset and expiration of new user (https://www.linuxquestions.org/questions/linux-newbie-8/how-do-i-force-password-reset-and-expiration-of-new-user-4175533190/)

chass 02-05-2015 03:25 PM
How do I force password reset and expiration of new user
 
I need to be able to create new user accounts and make sure they're forced to reset their password upon first login, also if they don't log in within 4 days of the account creation their account must automatically lock. How do I accomplish this?

thank you.

ulto 02-05-2015 07:05 PM
'chage -d 0 username' will do the first part.
As for expiring accounts, well try 'chage -E $(date -d "+4 day" +"%D")' You may need to play around with it to get the date input to work but you get the idea.
Now how to tie that up with with a user never logging in, you will need to script it somehow, possibly write a cron job that will check chage -l for all users, grep the info you want and use that as a determination whether they satisfy your locking requirement.

Give it a go and see what you come up with.

Miati 02-05-2015 07:38 PM
You can force a change of password by next login with passwd.
Not sure how well it'll work on batch creating users but for one at a time works well

Code:
      -e, --expire
          Immediately expire an account's password. This in effect can force
          a user to change his/her password at the user's next login.

kapool 02-05-2015 10:37 PM
Quote:
Originally Posted by Miati (Post 5312776)
You can force a change of password by next login with passwd.
Not sure how well it'll work on batch creating users but for one at a time works well

Code:
      -e, --expire
          Immediately expire an account's password. This in effect can force
          a user to change his/her password at the user's next login.
Thanks Miati! I will do as you suggest.

Miati 02-05-2015 11:08 PM
This may be of interest:

Code:
      -i, --inactive INACTIVE
          This option is used to disable an account after the password has
          been expired for a number of days. After a user account has had an
          expired password for INACTIVE days, the user may no longer sign on
          to the account.
If you force a change of password by expiring it and set a inactive date of 4, if they do not login within 4 days... it's disabled.

This is in the man pages of passwd

Code:
man passwd

chass 02-06-2015 01:37 PM
Great replies, thanks very much guys!


All times are GMT -5. The time now is 10:37 PM.