Ubuntu - Passwords - Set Up Password Aging for Users

The chage command changes the number of days between password changes and the date of the last password change.

This information is used by the system to determine when a user must change their password.

The /etc/login.defs file defines the site-specific configuration for the shadow password suite including password aging configuration.

sudo chage -M 60 -m 7 -W 7 userName

sudo chage -M 99999 userName

sudo chage -l userName

Finally, you can also edit the /etc/shadow file in the following fields:

{userName}:{password}:{lastpasswdchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:

Where,

• Minimum_days: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change their password.
• Maximum_days: The maximum number of days the password is valid (after that user is forced to change their password).
• Warn: The number of days before password is to expire that user is warned that their password must be changed.
• Expire: Days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.

It is recommended to use the chage command instead of editing the /etc/shadow file by hand,