
Managing Password Aging in Solaris OS

This tutorial focuses on using the passwd command to manage password aging in Solaris OS for any user.

If your question is one of the following, then this tutorial is for you:

  • Chage command in Solaris
  • How to change password expiry in Solaris
  • How to change password expiry in Solaris 11
  • Solaris equivalent for chage -d
  • How to change password warn days in Solaris
  • How to turn off password aging for a user in Solaris

What is Password Aging?

Password aging is a mechanism you can use to force users to periodically change their passwords.

Password aging allows you to:

  • Force a user to choose a new password the next time the user logs in.
  • Specify a maximum number of days that a password can be used before it has to be changed.
  • Specify a minimum number of days that a password has to be in existence before it can be changed.
  • Specify that a warning message be displayed whenever a user logs in a specified number of days before the user’s password time limit is reached.
  • Specify a maximum number of days that an account can be inactive. If that number of days pass without the user logging in to the account, the user’s password will be locked.
  • Specify an absolute date after which a user’s password cannot be used, thus denying the user the ability to log on to the system.

These password aging parameters are applied on a user-by-user basis, so you can have different password aging requirements for different users. (You can also set general default password aging parameters in the /etc/default/passwd file.)

Forcing Users to Change Passwords

There are two ways to force a user to change passwords the next time the user logs in:

  1. Force change keeping password aging rules in effect

passwd -f username

  2. Force change and turn off password aging rules

passwd -x 0 username

Setting a Password Age Limit

The max argument to the passwd command, given with the -x option, sets an age limit for the current password:

passwd -x max username

  • max is one of the following values:
    • Greater than zero. Any number greater than zero sets the number of days before the password must be changed.
    • Zero (0). A value of zero (0) forces the user to change passwords the next time the user logs in, and it then turns off password aging.
    • Minus one (-1). A value of minus one (-1) turns off password aging. In other words, entering passwd -x -1 username cancels any previous password aging applied to that user.

For example, to force the user ‘baba’ to change passwords every 45 days, you would type the command:

passwd -x 45 baba

Setting Minimum Password Life

The min argument to the passwd command specifies the number of days that must pass before a user can change passwords.

passwd -x max -n min username

Where:

  • max is the maximum number of days a password is valid as described in the section above
  • min is the minimum number of days that must pass before the password can be changed.

For example, to force the user ‘baba’ to change passwords every 45 days, and prevent him from changing it for the first 7 days you would type the command:

passwd -x 45 -n 7 baba

Note: If you do use the min argument, it must always be used in conjunction with the max argument. In other words, in order to set a minimum value you must also set a maximum value.

Establishing a Warning Period

The warn argument to the passwd command specifies the number of days before a password reaches its age limit that users will start seeing a "Your password will expire in N days" message (where N is the number of days) when they log in.

passwd -x max -w warn username

Where:

  • username is the login ID of the user.
  • max is the maximum number of days a password is valid.
  • warn is the number of days before the password reaches its age limit that the warning message will begin to be displayed.

For example, to force the user ‘baba’ to change passwords every 45 days, and display a warning message 5 days before the password reaches its age limit you would type the command:

passwd -x 45 -w 5 baba

Note: If you do use the warn argument, it must always be used in conjunction with the max argument. In other words, in order to set a warning value you must also set a maximum value.

Turning Off Password Aging

There are two ways to turn off password aging for a given user:

  1. Turn off aging while allowing user to retain current password

passwd -x -1 username

  2. Force user to change password at next login, and then turn off aging

passwd -x 0 username

For example, to force the user ‘baba’ to change passwords the next time he logs in and then turn off password aging you would type the command:

passwd -x 0 baba
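
The max, min and warn values set with passwd -x, -n and -w are stored per account, so they can be checked in bulk against a site policy. The script below is an added example, not part of the original tutorial: it assumes records in the shadow(4) layout, a policy maximum of 90 days, and constructed sample records and day numbers.

```shell
#!/bin/sh
# Added example: audit password aging fields in shadow(4)-format records.
# Assumed layout: name:hash:lastchg:min:max:warn:inactive:expire:flag
# lastchg is the day of the last change, counted in days since 1970-01-01.

# audit_aging POLICY_MAX TODAY   (records on stdin, findings on stdout)
#   POLICY_MAX  largest max value the site accepts, in days (assumed policy)
#   TODAY       today's date in days since 1970-01-01
audit_aging() {
    awk -F: -v pmax="$1" -v today="$2" '
    {
        name = $1; last = $3; min = $4; max = $5; warn = $6
        # Empty or negative max: no age limit applies (passwd -x -1).
        if (max == "" || max + 0 < 0) { print name ": aging off"; next }
        if (max + 0 > pmax + 0)
            print name ": max " max " exceeds policy " pmax
        if (min != "" && min + 0 > max + 0)
            print name ": min " min " is greater than max " max
        if (warn == "")
            print name ": no warning period"
        if (last != "") {
            left = last + max - today      # days until the age limit
            if (left < 0) {
                over = -left
                print name ": past age limit by " over " days"
            } else if (warn != "" && left <= warn + 0)
                print name ": age limit in " left " days"
        }
    }'
}

# Constructed sample records; HASH stands in for the password hash field.
sample_records() {
    cat <<'EOF'
baba:HASH:19990:7:45:5:::
alice:HASH:19900::::::
bob:HASH:19800:0:365::::
carol:HASH:19950:7:45:5:::
dave:HASH:19958:7:45:5:::
EOF
}

# Policy max of 90 days and day number 20000 are constructed values.
sample_records | audit_aging 90 20000
```

On a real system, run it as root with /etc/shadow on standard input; if the default awk does not accept -v, use nawk or /usr/xpg4/bin/awk instead.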


Prashanth Nimesh

I have passed B.Tech in Computer Science and currently working as a System Administrator with over 4 years of experience in the IT field. I am also the creator of the theGeeksHub website and its main contributor.
