Password Aging Policies

By default, passwords do not expire. This means that it is possible for a user to have the same password indefinitely. This is situation in not very secure, because if a password has leaked, or been compromised, it will remain so forever.


The chage command is used to setup password aging. You  may set the maximum amount of time that a password is consideered valid before the system will force the user to change his password. The security policy of an organization will generally define the amount of time between password changes. It is also important to set the minimum amount of  time that a password must be used before it  can be changed. This prevents users from changing their password when required to by the system, and then changing it right back to the old value.


# chage ( option ) username

Common options used with the chage command:-

-m             Minimum days between password  changes
-M            Maxmium days between password changes
-I               Number of days inactive since password expired before locking account
-E date      Expire the password on this date
-W             Number of days before a required change to start warnings.