Saturday 30 April 2016

Password Management in Linux by using passwd command




 A password(commonly knows as passwd in linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.

passwd command
The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser ROOT) can use passwd to change another user’s password, or define how that account’s password can be used or changed.
PASSWD SYNTAX

passwd [OPTION] [USER]
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the named account (root only)
-u, --unlock unlock the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration
(root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes 
disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)

Change the password for Normal user

When you logged in as non-root user like anu in my case and run passwd command then it will reset password of logged in user.
[anu@linuxgosolution ~]$ passwd
Changing password for user anu.
Changing password for anu.
(current) UNIX password:
New password:
Retype new password:
passwd: 
all authentication tokens updated successfully.
When you logged in as root user and run passwd command then it will reset the root password by default and if you specify the user-name after passwd command then it will change the password of that particular user.

Display Password Status Information

To display password status information of a user , use -S option in passwd command.
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
In the above output first field shows the user name and second field shows Password status (PS = Password Set , LK = Password locked , NP = No Password ), third field shows when the password was changed and last & fourth field shows minimum age, maximum age, warning period, and inactivity period for the password.
we can display password status information for all users at a time by using the option –Sa
root@linuxgosolution:~# passwd -Sa
 

Removing Password of a User

we can remove the password for particular user by using option -d
[root@linuxgosolution ~]# passwd -d anu
Removing password for user anu.
passwd: Success
[root@linuxgosolution ~]#

Lock the password of System User

Use ‘-l‘ option in passwd command to lock a user’s password, it will add “!” at starting of user’s password. A User can’t Change it’s password when his/her password is locked.
[root@linuxgosolution ~]# passwd -l anu
Locking password for user anu.
passwd: Success
 

Unlock User’s Password using -u option

use -u option to unlock the user accounts locked by passwd -l option
[root@linuxgosolution ~]# passwd -u anu
Unlocking password for user anu.
passwd: Success
 

Setting inactive days using -i option

use -i option along with  passwd command to set inactive days for a system user. This will come into the picture when password of user  expired and user didn’t change its password in ‘n‘ number of days ( i.e 7 days in my case)  then after that user will not able to login.
[root@linuxgosolution ~]# passwd -i 7 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#
 

Setting Minimum No.of Days to Change Password using passwd -n option

Using the option -n along with passwd command we can set the minimum number of days to change the password. A value of zero shows that user can change it’s password in any time.
[root@linuxgosolution ~]# passwd -n 90 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# passwd -S anu
anu PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.)
[root@linuxgosolution ~]#

Setting the  Warning days before password expire using passwd -w option

Using the option -w along with passwd can be used to set the warning days before the password expires.
[root@linuxgosolution ~]# passwd -w 30 anu
Adjusting aging data for user anu.
passwd: Success
[root@linuxgosolution ~]# chage -l anu
Last password change                                    : Apr 21, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 90
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 30
[root@linuxgosolution ~]#

Thanks
Gurpreet Singh
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)