I have a lot of users in my Linux servers. Security is important for me. I know that one of the important security measure is passwords. The length, complexity, change period etc. How can I force user to change password in first login? We will use change command to force user change password in the first login.

Check Current Status

We will check current user password status with chage command like below. We will provide the -l option which will list current password policy and related information about given user name. We will list the user name ismail password policy in this example.

$chage -l ismail

• `Last password change` will provide when the password is changed last time
• `Password Expires` will list when the password will expire
• `Account Expires` will list when the account will be expire
• `Maximum number of days between password change` will list gap between password change
• `Number of days of warning before password expires` will list when the warning to change password will be displayed before password change time.

Force User Password Change in The First Login

If we do not provide some time to the user for the password change we can force the user. In order to force the user we will use -d option by providing the time for change password. We will provide 0 day which will force the user to change password.

$ chage -d 0 ismail

• chage is the command used to change password policy
• -d 0 specifies password must change in 0 days which is first login
• test2 is our user the password policy will be applied

Check The Status Again

We will check if force password change implemented

$ chage -l ismail
Last password change                                    : password must be changed 
Password expires                                        : password must be changed 
Password inactive                                       : password must be changed 
Account expires                                         : never 
Minimum number of days between password change          : 0 
Maximum number of days between password change          : 99999 
Number of days of warning before password expires       : 7

As we see that lines provides password must be changed message.

How To Force User Change Password Upon First Logon? Infografic