====== Ubuntu - Passwords - Set Up Password Aging for Users ======

The **chage** command changes the number of days between password changes and the date of the last password change.

This information is used by the system to determine when a user must change their password.

The **/etc/login.defs** file defines the site-specific configuration for the shadow password suite including password aging configuration.

----

===== Enable Password Aging =====

<code bash>
sudo chage -M 60 -m 7 -W 7 userName
</code>


===== Disable password aging =====

<code bash>
sudo chage -M 99999 userName
</code>

----

===== Get password expiration information =====

<code bash>
sudo chage -l userName
</code>

----

Finally, you can also edit the /etc/shadow file in the following fields:

<code>
{userName}:{password}:{lastpasswdchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:
</code>

Where,

  * **Minimum_days**:  The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change their password.
  * **Maximum_days**:  The maximum number of days the password is valid (after that user is forced to change their password).
  * **Warn**:  The number of days before password is to expire that user is warned that their password must be changed.
  * **Expire**:  Days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.

It is recommended to use the **chage** command instead of editing the **/etc/shadow** file by hand,