
How to Manage Passwords and Password Policies on Ubuntu Server 21.04

Aug 10, 2021

Set an expiration date on a user's password

Step 1 : Run the chage -l username command to display the password expiration settings for a user account.

sudo chage -l myuser

Step 2 : When creating user accounts, the chage command allows you to force a password change for a user when he or she first logs in.

sudo chage -d 0 myuser

Step 3 : You can see the results of this command immediately if you run chage -l again against the user account you just modified.

Step 4 : To require a password change on a user account after a certain number of days, use the -M option, as in the following example:

sudo chage -M 90 myuser

Step 5 : To set the minimum number of days between password changes, use the -m option with the chage command as follows.

sudo chage -m 5 myuser
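
To check the aging settings from Steps 1 to 5 across many accounts at once, the following added example (not part of the original tutorial) audits shadow(5)-format lines against the 90-day maximum and 5-day minimum used above. The function names, the policy variables and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit password-aging fields in shadow(5)-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
POLICY_MAX=90   # assumed policy, matches `chage -M 90`
POLICY_MIN=5    # assumed policy, matches `chage -m 5`

# is_num: succeeds only for a non-empty string of digits.
is_num() {
    case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# audit_aging: read shadow-format lines on stdin, print "user: findings".
audit_aging() {
    while IFS=: read -r name hash lastchg min max _rest; do
        if [ -z "$name" ]; then continue; fi
        # Accounts whose hash field starts with '!' or '*' cannot log in
        # with a password, so aging does not apply to them.
        case "$hash" in '!'*|'*'*) continue ;; esac

        findings=""
        # lastchg=0 is the state `chage -d 0` leaves: change forced at next login.
        if [ "$lastchg" = "0" ]; then
            findings="must-change-at-next-login"
        fi
        # A missing or too-large maximum means the password outlives the policy.
        if ! is_num "$max" || [ "$max" -gt "$POLICY_MAX" ]; then
            findings="${findings:+$findings,}max-age-exceeds-$POLICY_MAX"
        fi
        # A missing or too-small minimum allows back-to-back password changes.
        if ! is_num "$min" || [ "$min" -lt "$POLICY_MIN" ]; then
            findings="${findings:+$findings,}min-age-below-$POLICY_MIN"
        fi
        printf '%s: %s\n' "$name" "${findings:-ok}"
    done
}

# Constructed sample input (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
alice:$6$CONSTRUCTED$hash:18800:5:90:7:::
bob:$6$CONSTRUCTED$hash:18800:0:99999:7:::
carol:$6$CONSTRUCTED$hash:0:5:90:7:::
daemon:*:18800:0:99999:7:::
EOF
}

sample_shadow | audit_aging
```

On a live system the same function can read the output of sudo getent shadow instead of the sample data.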

Setting a password policy

A password policy allows you to force requirements on your users for things such as length, complexity, and so on.

Step 6 : To configure options for password requirements, let's first install the required Pluggable Authentication Module (PAM):

sudo apt install libpam-cracklib 

Step 7 : Open the file /etc/pam.d/common-password for editing:

sudo nano /etc/pam.d/common-password

difok=3 : At least three characters in the new password have to be different from the old one before the password is considered acceptable. Otherwise, the password is deemed too similar to the old one and refused.

minlen=8 : The minimum acceptable size for the new password.

retry=3 : Prompt the user at most 3 times before returning with an error.