- How to force change linux password even if similar as previous
- 5 Answers
- How do I force a user to change the password periodically?
- 2 Answers
- How to Force Linux Users to Change Password at Next Login
- Understanding Linux User Management
- User accounts and permissions
- The importance of password management
- Methods to Force Password Change
- Using the passwd Command
- Using the chage Command
- Verifying Password Expiration Settings
- Checking password expiration settings
- Modifying password expiration settings
- Best Practices for Password Management on Linux
- Enforcing strong passwords
- Regular password rotation
- Educating users on password security
- Conclusion
How to force change linux password even if similar as previous
I am trying to change my current password in Red Hat Enterprise Linux Server release 5.10 (Tikanga) but it says my new password is too similar. Is there any way to force the change?
    $ passwd
    Changing password for user XY
    Changing password for XY
    (current) UNIX password:
    New UNIX password:
    BAD PASSWORD: is too similar to the old one
    New UNIX password:
I did not want to change to the same password. Let’s say I have Bilbo1 and I want to change to Bilbo2, I get the message above: «BAD PASSWORD: is too similar to the old one». So I am not changing to the same password.
If you had bothered to read the answers to that question, you’d have realized why you’re in the same position and how to resolve your problem.
@darnir, duplicates are when the question is already asked in same SO site. This one can not be a duplicate 🙂
5 Answers
If you can run the command as root, you can force the change to be accepted.
    $ sudo passwd myusername
    Changing password for user myusername.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
If the user had super user access, they might as well change whatever settings enable these silly password restrictions. Since they are not asking about this, I’m assuming they do not have root access.
- change twice, e.g. old passwd is Bilbo1,
- change to Frodo1 (from Bilbo1),
- then change to Bilbo2 (from Frodo1).
- on the first change, Linux can only compare clear text Bilbo1 and Frodo1,
- on second Linux can only compare Frodo1 and Bilbo2 (and all the crypted passwd, you can’t revert to Bilbo1(*)).
- This supposes you can change twice, which may have been disabled by your system admin, to prevent such a workaround.
Needless to say, do not use such a silly password.
(*) On second thought, I am not sure about this point in Linux.
I did not want to change to the same password. Let’s say I have Bilbo1 and I want to change to Bilbo2, I get the message above: «BAD PASSWORD: is too similar to the old one». So I am not changing to the same password.
Well, while trying to change from Frodo1 to Bilbo2 I got a message that: «You must wait longer to change your password» LOL
That was my third point. My favourite password pattern is Bilbo00 / Frodo00 with 00 the current month.
On CentOS, you can also use the -f option to force the password change.
    $ passwd -f username
    Changing password for user username.
    New password:
    Retype new password:
Since passwd uses PAM, you would have to modify the file: /etc/pam.d/common-password on Debian based systems like Ubuntu, or /etc/pam.d/system-auth on RedHat based systems.
The other answers solve the problem for most users. However, if you’re an admin using a Linux system with PAM, and want this policy removed for all users to change their password without needing to use sudo or root, then this needs to be changed in the PAM settings.
I don’t know about RHEL, but on Ubuntu, you can edit /etc/pam.d/common-password. There should be a line somewhere like this:
    password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
The obscure keyword tells PAM to do a series of checks that compare the new password to the old password and make sure that the new password is different enough from the old one in the following ways:
- The new password is not a palindrome of the old one
- The new password isn’t just a case change of the old one
- The new password isn’t too much like the previous one (the issue here)
- The password isn’t too simple
- The password isn’t just a rotated version of the old one
More information can be found in man pam_unix
Removing this keyword and refreshing PAM would mean that the checks will not be done anymore. However, keep in mind that this may encourage bad passwords to be used and may affect the security of your system.
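To confirm whether the similarity check described above is still active on a host, the password stack can be scanned for the modules that perform it. This is an added example, not part of the original answer; pam_cracklib, pam_pwquality and pam_passwdqc are real modules that the answer does not mention, and the sample stacks are constructed.

```shell
#!/bin/sh
# Added example: list which modules in a PAM "password" stack compare a new
# password with the old one. Reads FILE, or stdin when no FILE is given.
pam_similarity_checks() {
    awk '
        $1 != "password" && $1 != "-password" { next }   # comments, other stacks
        {
            mod = ""; obscure = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /pam_[a-z0-9_]+\.so$/) { mod = $i; sub(/^.*\//, "", mod) }
                if ($i == "obscure") obscure = 1
            }
            # pam_unix only runs these checks when "obscure" is present.
            if (mod == "pam_unix.so" && obscure) { print "pam_unix.so obscure"; n++ }
            # Dedicated quality modules carry their own similarity settings.
            if (mod == "pam_cracklib.so" || mod == "pam_pwquality.so" ||
                mod == "pam_passwdqc.so") { print mod; n++ }
        }
        END { if (!n) print "none" }
    ' ${1:+"$1"}
}

# Constructed samples (not taken from a real host).
sample_with_obscure() {
    cat <<'EOF'
# /etc/pam.d/common-password (constructed excerpt)
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password requisite pam_deny.so
EOF
}
sample_without_obscure() { sample_with_obscure | sed 's/ obscure / /'; }
sample_cracklib() {
    cat <<'EOF'
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow use_authtok
EOF
}

echo "with obscure:    $(sample_with_obscure | pam_similarity_checks)"
echo "without obscure: $(sample_without_obscure | pam_similarity_checks)"
echo "cracklib stack:  $(sample_cracklib | pam_similarity_checks)"
```

On a real host, pass it /etc/pam.d/common-password or /etc/pam.d/system-auth, the files named above; a result of "none" means no listed module is comparing new passwords with old ones.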
Try:
    sudo busybox passwd XY
(XY is your user name)
I have used the root privilege to set a weak password for a normal user, with a warning, but it worked in the end.
But I tried again recently and it failed.
My final solution is to use busybox’s internal passwd program, which is a different program, and it works.
My system is Gentoo, and after checking, the default passwd is from sys-apps/shadow-4.8.1-r2.
    duke@duke-pc ~ $ sudo passwd duke
    You can now choose the new password or passphrase.
    A good password should be a mix of upper and lower case letters, digits, and other characters. You can use a password that consists of 8 characters.
    A passphrase should be of at least 3 words, 8 to 40 characters long, and contain enough different characters.
    Alternatively, if no one else can see your terminal now, you can pick this as your password: "sleep=Medal2brim".
    Enter new password:
    Weak password: too short.
    Try again.
    (...)
    You can now choose the new password or passphrase.
    A good password should be a mix of upper and lower case letters, digits, and other characters. You can use a password that consists of 8 characters.
    A passphrase should be of at least 3 words, 8 to 40 characters long, and contain enough different characters.
    Alternatively, if no one else can see your terminal now, you can pick this as your password: "Freeze+six7nazi".
    Enter new password:
    Weak password: based on a dictionary word and not a passphrase.
    passwd: Authentication token manipulation error
    passwd: password unchanged
    duke@duke-pc ~ $
    duke@duke-pc ~ $ sudo busybox passwd duke
    Changing password for duke
    New password:
    Bad password: too weak
    Retype password:
    passwd: password for duke changed by root
    duke@duke-pc ~ $
How do I force a user to change the password periodically?
I’m by far no network admin, but I know on the PC I use at work, we need to change our passwords every 30 or 45 days. Is there something like that on Ubuntu that can prompt users to change their passwords every 30, 45 or whatever days I specify?
2 Answers
When creating user accounts, you should make it a policy to have a minimum and maximum password age forcing users to change their passwords when they expire.
To easily view the current status of a user account, use the following syntax:
    sudo chage -l username

    one@onezero:~$ sudo chage -l one
    Last password change : Feb 15, 2012
    Password expires : never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 99999
    Number of days of warning before password expires : 7
To set any of these values, simply use the following syntax, and follow the interactive prompts:
The following is also an example of how you can manually change the explicit expiration date (-E) to 01/31/2012, minimum password age (-m) of 5 days, maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after password expiration, and a warning time period (-W) of 14 days before password expiration.
sudo chage -E 01/31/2012 -m 5 -M 90 -I 30 -W 14 username
To verify changes, use the same syntax as mentioned previously:
How to Force Linux Users to Change Password at Next Login
In the digital world, password security is crucial to protect sensitive data and maintain system integrity. Regularly updating passwords is a key aspect of strong security practices. In this article, we’ll explore how to force password change on Linux systems at the next login for enhanced security. We will discuss various methods to achieve this and provide examples to help you understand the process.
Understanding Linux User Management
User accounts and permissions
Linux is a multi-user operating system that supports the creation and management of multiple user accounts. Each user account has specific permissions that define what actions the user can perform on the system. Proper management of user accounts and permissions is essential for maintaining system security.
The importance of password management
Password management is a crucial aspect of user account management. Ensuring that users have strong, unique passwords and update them regularly can significantly reduce the risk of unauthorized access to the system.
Methods to Force Password Change
Using the passwd Command
The passwd command is a versatile tool for managing user passwords on a Linux system. To force a user to change their password at the next login, use the following syntax:
Replace the user name in the command with the appropriate account name. The command will set the password expiration date to the past, effectively requiring the user to change their password at their next login.
sudo passwd --expire johndoe
This command will force the user “johndoe” to change their password at the next login.
Using the chage Command
Another method to force a password change at the next login is by using the chage command. The chage command allows you to modify the user’s password expiration settings.
Use the following syntax to force a password change at the next login:
Replace the user name in the command with the appropriate account name. The command sets the last password change date to the Unix epoch (January 1, 1970), forcing the user to change their password at the next login.
This command will force the user “johndoe” to change their password at the next login.
Verifying Password Expiration Settings
Checking password expiration settings
To check a user’s current password expiration settings, use the following command:
Replace the user name in the command with the appropriate account name. The command will display information about the user’s password settings, including the last password change date, the password expiration date, and the password warning period.
Modifying password expiration settings
You can modify a user’s password expiration settings using the chage command with various options. For example, to set a maximum password age of 60 days, use the following command:
Replace the user name in the command with the appropriate account name. The command will set the user’s password to expire after 60 days from the last password change date.
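The aging values that chage reads and writes, both in the Q&A answer on periodic changes and in the sections above, are stored as fields of the shadow file, so a whole system can be audited in one pass instead of running chage -l per user. The script below is an added example, not code from the original page: it assumes the shadow(5) field layout, uses a simplified expiry rule that ignores the inactivity and account-expiry fields, and runs on constructed sample entries with placeholder hashes.

```shell
#!/bin/sh
# Added example: classify accounts by the aging fields of a shadow(5)-format
# file. Fields: name:hash:lastchg:min:max:warn:inactive:expire
# lastchg and "today" are counted in days since 1970-01-01.
# lastchg = 0 is the state left by "chage -d 0" (last change at the epoch).

# aging_report FILE [TODAY_DAYS] -> one "user status" line per usable account
aging_report() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        $2 ~ /^[!*]/ || $2 == "" { next }      # locked or no password: skip
        $3 == "0" { print $1, "must-change-at-next-login"; next }
        $3 == "" || $5 == "" || $5 >= 99999 { print $1, "never-expires"; next }
        {
            left = $3 + $5 - today              # days until lastchg + max age
            if (left <= 0) print $1, "expired"
            else           print $1, "ok:" left
        }
    ' "$1"
}

# Constructed sample; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$PLACEHOLDER$hash:0:0:90:7:::
bob:$6$PLACEHOLDER$hash:19000:0:99999:7:::
carol:$6$PLACEHOLDER$hash:19700:5:90:14:30::
dave:$6$PLACEHOLDER$hash:19780:0:60:7:::
svc:!:19000:0:99999:7:::
EOF
}

# Demo: audit the sample as of day 19800.
tmp=$(mktemp) && sample_shadow > "$tmp" && aging_report "$tmp" 19800
rm -f "$tmp"
```

Accounts reported as never-expires are the ones still carrying the 99999-day maximum shown in the chage -l output earlier on this page.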
Best Practices for Password Management on Linux
Enforcing strong passwords
To enhance system security, enforce the use of strong passwords by configuring the system’s Pluggable Authentication Modules (PAM). PAM allows you to set password complexity requirements, such as minimum length, character classes, and repetition rules.
Regular password rotation
Establish a policy for regular password rotation to ensure that user passwords are updated periodically. This can help to reduce the risk of unauthorized access due to compromised passwords.
Educating users on password security
Educate users on the importance of password security and best practices. Encourage them to use unique, strong passwords for each account and avoid reusing passwords across multiple services. Providing guidance on using password managers can also help users manage their passwords more effectively.
Conclusion
Forcing Linux users to change their passwords at the next login is an essential step in maintaining system security. By using the passwd or chage commands, you can easily enforce this policy on your Linux systems. Combined with best practices such as enforcing strong passwords, regular password rotation, and user education, you can significantly enhance the overall security of your Linux environment.