Set an expiration date on a user's password
Step 1 : Type chage -l username command to display expiration date on a user's password.
Step 2 : When creating user accounts, The chage command allows you to force a password change for a user when he or she first logs in.
Step 3 : You can see the results of this command immediately if you run chage -l again against the user account you just modified:
Step 4 : To set a user account to require a password change after a certain period of days, the following example will do the trick:
Step 5 : We can set the minimum number of days between password change by using the option -m along with chage command as follows.
Setting a password policy
A password policy allows you to force requirements on your users for things such as length, complexity, and so on.
Step 6 : To configure options for password requirements, let's first install the required Pluggable Authentication Module (PAM):
Step 7 : You need to edit the file /etc/pam.d/common-password, enter:
difok=3 : This configuration details that at least three characters have to be different before the password is considered acceptable. Otherwise, the password would be deemed too similar to the old one and refused.
minlen=8 : The minimum acceptable size for the new password.
retry=3 : Prompt user at most 3 times before returning with error.