RHEL – Managing Passwords with Chage

Large_SkeletonKeyPTo understand the chage command  if might be best to make sure that you understand the /etc/shadow file, so lets look at a line from mine. Note that “:” is the field separator.


In the shadow file the fields are as follows:

  1. Username
  2. Password Hash
  3. Date of Last Password Change in days since the dawn of Unix Time
  4. Minimum Password Age
  5. Maximum Password Age
  6. Password Warning Period
  7. Password Inactive Period
  8. Account Expiration

The basic options of the chage command are as follows

  • -M Max Days
  • -m Min Days
  • -I inactive
  • -E Expiry Date
  • -D 0 Force Password Change

So first lets take a look at the current settings for user “chris”. You will see that the entries below match the options listed above.

# chage -l chris

Last password change                                    : Aug 02, 2011
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

So lets say that we want to force user chris to update his password on next login

#chage -d 0 chris

and then set a minimum number of days of 10 between password changes

#chage -m 10 chris

or set an expiration date of 10/10/2020

#chage -E 10/10/2020 chris

You get the idea…

Anyway the chage command can be run interactively as well if you do not pass any options to the command other than the username.

Additional Resources:

Managing Password Aging on AIX, Solaris, Linux