How to force a user to change their password on the next login?

Where necessary, you may need to have access to a VPS server so you can follow how to implement the steps in this article. You can get a cheaper VPS Server from Contabo with 4vCPU cores, 8GM RAM, and 32TB Bandwidth for less than $5.50 per month. Get this deal here now

UPDATED: 8 months ago | Elijah Were

$5.50 Monthly

4 vCPU Cores | 8GB RAM

$15.50 Monthly

6 vCPU Cores | 16GB RAM

$17.50 Monthly

8 vCPU Cores | 24GB RAM

Ensuring the security of user accounts is a critical aspect of any system administration. One common practice is to periodically prompt users to update their passwords. In this article, we will explore how to force a user to change their password on the next login using various command examples.

Checking User Information

Before enforcing a password change, it’s essential to gather information about the user account. The passwd command is a versatile tool for managing user passwords and related settings.

$ passwd -S username

The above command displays the current status of the user account, including the password status. Look for “PS” in the output, which indicates whether the password is set or not.

Forcing Password Expiry

To force a user to change their password on the next login, we can use the chage command. This command is used to modify user password expiry information.

$ sudo chage -d 0 username

Here, the -d 0 option sets the last password change date to the epoch (1970-01-01), effectively expiring the password. The user will be prompted to change their password the next time they log in.

Verifying Changes

After applying the password expiry settings, it’s a good practice to double-check the modifications using the chage -l command.

$ sudo chage -l username

This command provides detailed information about the user’s password aging settings. Ensure that the “Last password change” field reflects the recent change.

Optional: Forcing Immediate Logout

While the user will be prompted to change their password upon the next login, you may want to ensure immediate enforcement. The pam_tally2 command can be used to force a logout.

$ sudo pam_tally2 --user username --reset

This command resets the login failure count for the specified user, effectively logging them out. The user will be required to log in again, triggering the password change prompt.

Conclusion

Maintaining robust security practices involves proactively managing user account passwords. Utilizing the passwd and chage commands, can enforce password changes, reducing the risk of unauthorized access. Remember to verify changes and, if necessary, use additional commands like pam_tally2 for immediate enforcement. Regularly updating passwords is a crucial step in safeguarding systems against potential security threats.

Hire us to handle what you want

Hire us through our Fiverr Profile and leave all the complicated & technical stuff to us. Here are some of the things we can do for you:

Website migration, troubleshooting, and maintenance.
Server & application deployment, scaling, troubleshooting, and maintenance
Deployment of Kubernetes, Docker, Cloudron, Ant Media, Apache, Nginx, OpenVPN, cPanel, WHMCS, WordPress, and more
Everything you need on AWS, IBM Cloud, GCP, Azure, Oracle Cloud, Alibaba Cloud, Linode, Contabo, DigitalOcean, Ionos, Vultr, GoDaddy, HostGator, Namecheap, DreamHost, and more.

We will design, configure, deploy, or troubleshoot anything you want. Starting from $10, we will get your job done in the shortest time possible. Your payment is safe with Fiverr as we will only be paid once your project is completed.