Howto set or force user to change a password at first login under Linux

Posted on in Categories Debian Linux, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated February 20, 2007

Recently I got a question that read as follows:

How do I force user foo to change a password at the first time login using ssh?

As a sys admin you may need this kind of facility. There are many ways to achieve this.

You can set empty/null password and use passwd command to expire password. This will result into immediate password change for the first time.

For example you just need to type following two commands:
# usermod -p “” foo
# chage -d 0 foo

You can also ignore first command if foo is already exists in system.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

6 comment

  1. Hi, but if you are running a Debian based distro on your server it is necessary to add the ‘shadow’ file into your ‘/etc/’ directory if you want this to work. So, to do this execute the following command ‘pwconv’ from CLI and the ‘/etc/shadow’ file will be automatically created. After that execute the ‘chage -d 0 username’. And that it’s.

    Cheers.

  2. Here are a set of scripts that work with RHEL 5.2. as Bash scripts.

    userlist.txt – Contains a set of UID’s to be created.

    useradd.sh – creates the UID’s

    pass.sh – Changes the password for the uids defined in userlist.txt

    passch.sh – sets the UID password to expire (forces the user the change password @ logon)

    Example:
    userlist.txt:
    bob
    tom
    chickmcgee

    useradd.sh:
    #!/bin/sh

    for i in `more userlist.txt`

    do

    echo ${i}
    adduser ${i
    }
    done

    pass.sh:
    #!/bin/sh

    for i in `more /root/users/userlist.txt `

    do

    echo ${i}
    echo ${i}”1234″ | passwd –stdin ${i}

    echo; echo “User ${i}.s password changed!”

    done

    passch.sh:
    #!/bin/sh

    for i in `more userlist.txt `

    do

    echo $i

    echo ${i} | chage -d 0 ${i}

    echo; echo “User $i will be forced to change password on next login!”

    done

  3. Hi,

    Thanks for the tips and script.
    But, after executing the above commands to enforce the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in PUTTY screen when I login as the respective user.

    Of course, this works when I directly login on my VM.

Leave a Comment