Q. How I should enforce users to change password at their first login ?

A. This is one of the very basic needs which shows up in most of the companies. As a system admin, I am sure this will be asked from you.

To setup this there are various ways, but I believe one of the very simplest one is the one I am going to explain below.

For ex: You created a new user “foo”:

# useradd foo

Create password for the user

# passwd foo

root@localhost # passwd foo
Changing password for user foo.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:

Then to force the user to change the password at the first login, simply set the password to expiry:

chage -d 0 foo

This command will set the password to expiry and will force user to change their password at the next login.

Setting it default for all new Users:

A system admin is one which who can do the work but a efficient system admin is the one who do the work manually first time and then make computer to work for him next time for same task. Same thing is true over here. You want all the new users added to your system, to be forced to change their password at the first login, update this file

vi /etc/default/useradd

This file contains the details, what all settings will be applied to the new users created into the system with useradd command.

Just set the value of EXPIRE=0 in this file, and after that, every time when a new user will be created, they will be forced to change the password at the next login.

I had read lots of posts about this topic and there was very general question everywhere that whether this will work in the GUI or not ?

So, I tested it in Ubuntu, and it was working very well.

password expired GUI

In this screen-shot, the user will get the prompt to change the password when the password is expired.

If you enjoyed this post, make sure you subscribe to my RSS feed!!!!