3.4.3. Updating Users' Authentication
useradd usernamecommand, the password is automatically set to never expire (see the
passwd, the standard utility for administering the
/etc/passwdfile. The syntax of the
passwdcommand look as follows:
passwd option(s) username
!). If you later find a reason to unlock the account,
passwdhas a reverse operation for locking. Only
rootcan carry out these two operations.
passwd -l username
passwd -u username
Example 3.8. Unlocking a User Password
~]# passwd -l robert Locking password for user robert. passwd: Success ~]# passwd -u robert passwd: Warning: unlocked password would be empty passwd: Unsafe operation (use -f to force)
robert's account password successfully. However, running the
passwd -ucommand does not unlock the password because by default
passwdrefuses to create a passwordless account.
-eoption. The user will be forced to change the password during the next login attempt:
passwd -e username
-noption) and the maximum (the
-xoption) lifetimes. To inform the user about their password expiration, use the
-woption. All these options must be accompanied with the number of days and can be run as
Example 3.9. Adjusting Aging Data for User Passwords
~]# passwd -n 10 -x 60 -w 3 jane
janewill begin receiving warnings in advance that her password will expire to 3 day.
-Soption which outputs a short information for you to know the status of the password for a given account:
~]# passwd -S jane jane LK 2014-07-22 10 60 3 -1 (Password locked.)
useraddcommand, which disables the account permanently. A value of
0disables the account as soon as the password has expired, and a value of
-1disables the feature, that is, the user will have to change his password when the password expires. The
-foption is used to specify the number of days after a password expires until the account is disabled (but may be unblocked by system administrator):
passwdcommand see the
passwd(1) man page.