Force User to Change Password at First Login

Create user “user”:
# useradd user

Create password for the user
# passwd user
Set the password to expiry:
#chage -d 0 user

Setting it default for all new Users:
#vi /etc/default/useradd
EXPIRE=0 #(need to add zero “0”)
This file contains the details, what all settings will be applied to the new users created into the system with useradd command.
Just set the value of EXPIRE=0 in this file, and every time when a new user will be created, will be forced to change the password at first login.

password duration:
for new accounts default settings are in /etc/login.defs
settings for current accounts are in /etc/shadow but we edit by command chage
chage -l [user] #check settings for user
chage -E “YYYY-MM-DD” [user] #set date when account expire, -1 means never
chage -M [nr] [user] #set maximum number of days between password change from last password change, -1 means never expire
chage -d “YYYY-MM-DD” [user] #set last password change
chage -W [nr] [user] #number of days of warning before password expires
chage -i [nr] [user] #set password inactive, when account is blocked after password expire

another way:
# yum install chage
List the password and its related details for an user
# chage –-list username
# chage -l username
!!!Is not working for same user.

Set Password Expiry Date for an user using chage option -M
# chage -M number-of-days userName
# chage –list userName
Set the Account Expiry Date for an User:
# chage -E “2015-11-29” userName
# chage -l userName

Force the user account to be locked after X number of inactivity days:
# chage -I 10 userName
# chage -l userName

Disable password aging for an user account:
# chage -m 0 -M 99999 -I -1 -E -1 userName
# chage –list userName

