Recipe 8.10. Managing Passwords

8.10.1 Problem

You need to reset a password, or put an expiration date on it, or you want to set a limit on failed login attempts. Resetting a password is the solution to the perennial "I forgot my password" problem; many Linux administrators think it's a good idea to "expire" passwords, forcing users to change them periodically.

8.10.2 Solution

Use passwd to set and configure passwords.

To reset or change a password use:

# passwd aborg

Users can also change their own passwords:

aborg@server04:~$ passwd

This command sets aborg's password to expire after six months, with five days' warning:

# passwd -x 180 -w 5 -i 1 aborg

To view a user's password settings, use:

# passwd -S option aborg P 02/18/2004 0 10 5 1

8.10.3 Discussion

Passwords can consist of numbers, letters, and punctuation marks, and they are case-sensitive. Don't use spaces or function keys. Strong passwords work best this means no names, no dictionary words, no birthdays or addresses. The best way to keep track of passwords is write them down and keep them in a safe place. Most people, if they can't remember all of their passwords, end up choosing weak, easily guessable passwords, or leaving them in obvious, insecure places (such as on a note stuck to the monitor).

Linux passwords are not designed to be recoverable. If a password is lost, the user must depend on the benevolence of the superuser to create a new one.

8.10.4 See Also

• passwd(1), passwd(5)