Lab 15: Manage Local User Passwords

Objective Focus

Manage users and groups: Change passwords and adjust password aging for local user accounts

When managing user passwords, we will primarily use chage, passwd, and usermod. After making any changes to user accounts with can reference files like /etc/shadow and /etc/passwd to make sure our changes happened correctly, in regard to aging parameters.

 $ chage

When using the chage command the date format will YYYY-MM-DD
-E option shows an example using command substitution
```
$ chage -E $(date -d +180days +%Y-%m-%d)
```

 $ chage -m 14 -M 36 -W 3 learner2

-m option: minimum days number of days between password changes
-M option: maximum number of days during which a password is valid
-W option: number of days of warning before a password change is required
learner2 is the user we want to apply changes to

 $ chage -l learner2

-l option: shows aging information

 $ passwd learner2

-S option: Shows information about the given account with respect to the password
-l option: Lock the account password. User will still be able to login using SSH keys. Use chage -E 0 user to fully lock the account
-u option: opposite of lock option

 $ usermod

Usermod has many options and we cover them in other labs. Here we are going to mention the lock and password related options.
-L option: Lock user password
-U option: Unlock user password
-p option: apply password to user account, do NOT use this. It will apply the text to the /etc/shadow in clear text

/etc/login.defs

We can also change the settings in the /etc/login.defs. The changes will only apply to user created after the change in the file.

As shown above, there are many way to change password attributes. Choose one and verify your changes. There are also ways to unlock and lock accounts. The main thing is remembering that the man pages are available if you need help to complete these tasks.

That’s all for this lab!!