How to Manage passwords and password policies on ubuntu server 21.04
Set an expiration date on a user's password
Step 1 : Type chage -l username command to display expiration date on a user's password.
sudo chage -l myuser
Step 2 : When creating user accounts, The chage command allows you to force a password change for a user when he or she first logs in.
sudo chage -d 0 myuser
Step 3 : You can see the results of this command immediately if you run chage -l again against the user account you just modified:
Step 4 : To set a user account to require a password change after a certain period of days, the following example will do the trick:
sudo chage -M 90 myuser
Step 5 : We can set the minimum number of days between password change by using the option -m along with chage command as follows.
sudo chage -m 5 myuser
Setting a password policy
A password policy allows you to force requirements on your users for things such as length, complexity, and so on.
Step 6 : To configure options for password requirements, let's first install the required Pluggable Authentication Module (PAM):
sudo apt install libpam-cracklib
Step 7 : You need to edit the file /etc/pam.d/common-password, enter:
sudo nano /etc/pam.d/common-password
difok=3 : This configuration details that at least three characters have to be different before the password is considered acceptable. Otherwise, the password would be deemed too similar to the old one and refused.
minlen=8 : The minimum acceptable size for the new password.
retry=3 : Prompt user at most 3 times before returning with error.