Friday, April 29, 2016

[Quick Tips: Passwd]: Password Management in Linux by using passwd command

Password Management in Linux by using passwd command




A password(commonly knows as passwd in linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.

passwd command

The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser ROOT) can use passwd to change another user’s password, or define how that account’s password can be used or changed.

PASSWD SYNTAX
 
passwd [OPTION] [USER]
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the named account (root only)
-u, --unlock unlock the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration
 (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes 
disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)

Change the password for Normal user

When you logged in as non-root user like user1 in my case and run passwd command then it will reset password of logged in user.
 
[user1@localhost ~]$ passwd
Changing password for user user1.
Changing password for user1.
(current) UNIX password:
New password:
Retype new password:
passwd: 
all authentication tokens updated successfully.

When you logged in as root user and run passwd command then it will reset the root password by default and if you specify the user-name after passwd command then it will change the password of that particular user.

Display Password Status Information

To display password status information of a user , use -S option in passwd command.
[root@localhost ~]# passwd -S user1
user1 PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.) 
 
In the above output first field shows the user name and second field shows Password status ( PS = Password Set , LK = Password locked , NP = No Password ), third field shows when the password was changed and last & fourth field shows minimum age, maximum age, warning period, and inactivity period for the password.

we can display password status information for all users at a time by using the option –Sa
root@localhost:~# passwd -Sa

Removing Password of a User

we can remove the password for particular user by using option -d
[root@localhost ~]# passwd -d user1 Removing password for user user1. passwd: Success [root@localhost ~]#

Lock the password of System User

Use ‘-l‘ option in passwd command to lock a user’s password, it will add “!” at starting of user’s password. A User can’t Change it’s password when his/her password is locked.
[root@localhost ~]# passwd -l user1 Locking password for user user1. passwd: Success

Unlock User’s Password using -u option

use -u option to unlock the user accounts locked by passwd -l option
[root@localhost ~]# passwd -u user1 Unlocking password for user user1. passwd: Success

Setting inactive days using -i option

use -i option along with  passwd command to set inactive days for a system user. This will come into the picture when password of user  expired and user didn’t change its password in ‘n‘ number of days ( i.e 7 days in my case)  then after that user will not able to login.
[root@localhost ~]# passwd -i 7 user1 Adjusting aging data for user user1. passwd: Success [root@localhost ~]# passwd -S user1 user1 PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.) [root@localhost ~]#

Setting Minimum No.of Days to Change Password using passwd -n option

Using the option -n along with passwd command we can set the minimum number of days to change the password. A value of zero shows that user can change it’s password in any time.
[root@localhost ~]# passwd -n 90 user1 Adjusting aging data for user user1. passwd: Success [root@localhost ~]# passwd -S user1 user1 PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.) [root@localhost ~]#

Setting the  Warning days before password expire using passwd -w option

Using the option -w along with passwd can be used to set the warning days before the password expires.
[root@localhost ~]# passwd -w 30 user1 Adjusting aging data for user user1. passwd: Success [root@localhost ~]# chage -l user1 Last password change : Apr 21, 2016 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 90 Maximum number of days between password change : 99999 Number of days of warning before password expires : 30 [root@localhost ~]#
 

No comments: