HowTo Set User Password Expiration Policy on Linux

The password policy can allow users can use the same passwords indefinitely or specify that passwords expire after a given time. In general, the longer a password is in use, the more likely it is to be discovered. If passwords expire too often, however, users may have trouble remembering them and resort to writing their passwords down. A common policy is to have passwords expire every 30 to 90 days. Below is the example of setting the password Expiration policy for a particular user after every 60 days.

First, get the list of password policies set for a user "nikesh" using following command

# chage --list nikesh

Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Aug 10, 2009
Password Expires: Never
Password Inactive: Never
Account Expires: Never

Now lets change its expiry password date using following command

# chage -M 60 nikesh

This will make its password to expire after 60 days of the last change date, check the information using command  chage --list nikesh

Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Aug 10, 2009
Password Expires: Oct 09, 2009
Password Inactive: Never
Account Expires: Never

Now set the warning time period for password expiration so that user can think of some good strong password, this can be done using command chage -W 5 nikesh and after setting the warning period check the information for that particular user.

Minimum: 0
Maximum: 99999
Warning: 5
Inactive: -1
Last Change: Aug 10, 2009
Password Expires: Oct 09, 2009
Password Inactive: Never
Account Expires: Never