Your account has expired linux

Arch Linux

You are not logged in.

#1 2019-09-30 10:16:44

[SOLVED] PAM failed: User account has expired

Recently I’ve fresh installed my system and notice this behavior from systemd:

user@976 belongs to git sddm user, and it seems to have problem with systemd itself.

If you have notice this or there’s any active bug request please let me know, so I can track this down.

Last edited by Bersam (2019-10-06 21:48:19)

#2 2019-09-30 11:16:24

Re: [SOLVED] PAM failed: User account has expired

As it is optional https://bugs.archlinux.org/task/63706#comment181624 only session registration with systemd fails.

#3 2019-09-30 15:39:58

Re: [SOLVED] PAM failed: User account has expired

I’ve experienced the same in a systemd-nspawn container environment. Fresh install with pacstrap, only base group and git are installed.

su git resulted in «Account expired». I thought it was caused by git’s shell beeing /usr/bin/git-shell. I will look into PAM, thanks.

#4 2019-09-30 16:39:46

Re: [SOLVED] PAM failed: User account has expired

@tolga9009 as an alternative to su git assuming you are following https://git-scm.com/book/en/v2/Git-on-t … the-Server
you could run the commands as root and chown the files to git:git.
Edit:
or chage -E -1 git

Last edited by loqs (2019-09-30 16:44:16)

#5 2019-09-30 18:03:08

Re: [SOLVED] PAM failed: User account has expired

Yepp, I was following that guide !

you could run the commands as root and chown the files to git:git

That’s what I did in the end, but I still couldn’t do anything over SSH.

I’ve simply done «chage -E -1 git», as you suggested. Thanks!

#6 2019-09-30 18:50:18

Re: [SOLVED] PAM failed: User account has expired

Can you please file a bug report against the git package as it appears the user git can not have an expired password.

#7 2019-09-30 23:07:40

Re: [SOLVED] PAM failed: User account has expired

After further investigating the issue, I don’t think it’s a bug. User ‘git’ is created by ‘/usr/lib/sysusers.d/git.conf’:
«The account will be created disabled, so that logins are not allowed.» from ‘man sysusers.d’.

Still, out of the box, you’re getting:

Can’t say anything about git-daemon, as I don’t use it.

#8 2019-09-30 23:43:01

Re: [SOLVED] PAM failed: User account has expired

https://github.com/systemd/systemd/pull/13277
The account can be locked but not expired as was the case before that change.

#9 2019-10-01 04:28:03

Re: [SOLVED] PAM failed: User account has expired

I see. Wasn’t aware of this beeing a very recent change upstream. I think a bug report makes sense in this case. Thanks for the links!

Last edited by tolga9009 (2019-10-01 04:48:59)

#10 2019-10-02 10:13:09

Re: [SOLVED] PAM failed: User account has expired

Recently I’ve fresh installed my system and notice this behavior from systemd:

user@976 belongs to git user, and it seems to have problem with systemd itself.

If you have notice this or there’s any active bug request please let me know, so I can track this down.

I think this is related to a change in how systemd creates users.

Removing the expiration date in the sddm user should fix it:

Источник

Linux Check User Password Expiration Date and Time

Linux check user password expiration using chage

1. Open the terminal application
2. Type chage -l userName command to display password expiration information for Linux user account.
3. The -l option passed to the change show account aging information.
4. Check tom user’s password expiry time, run: sudo chage -l tom

Let us see some examples and usage information in details.

View account again information on Linux

To see account aging information such as expiry date and time, enter:

To see account aging info for usernamed vivek, enter:
$ chage -l vivek
Sample outputs:

The above outputs indicates that password aging disabled.

Check the user account password expiry information on Linux

Let us try one more example:
$ sudo chage -l raj
Sample outputs:

It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep ‘Password expires’

Change password expiry date

You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:
sudo chage -M 90 jerry
sudo chage -l jerry
Please note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tom
You can also set the minimum number of days between password changes:
sudo chage -m 30 jerry
However, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlena

Set expire date

The syntax is:
sudo chage -E EXPIRE_DATE userName
One can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 sai
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristan

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Set warning for the user before password expires

Try using the following syntax to set the number of days of warning before a password change is required:
sudo chage -W WARN_DAYS userName
sudo chage -W 30 raj
The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj

Conclusion

The chage command changes the number of days between password changes and the date of the last password change. The same command also check user password expiration date and time on Linux. See chage man page for more information here.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник

How to Manage User Password Expiration and Aging in Linux

System administration involves numerous tasks including managing users/groups and under user management, some of the minor tasks involved are adding, modifying, suspending, or deactivating user accounts, and many more.

This article will explain one of the critical user account management functions, how to set or change user password expiration and aging in Linux using the chage command.

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change.

Once you have set password expiry and aging information, this information is used by the system to determine when a user must change his/her password. Normally, companies or organizations have certain security polices that demand users to change passwords regularly: this can be a simple way to enforce such policies as we explained below.

To view a user account aging information, use the -l flag as shwon.

View User Password Aging Information

To set the date or number of days (since January 1, 1970) when the password was last changed, use the -d flag as follows.

Next, you can also set the date or number of days (since January 1, 1970) on which the user’s account will no longer be accessible by using the -E switch as shown in the following command.

In this case, once a user’s account is locked, he/she is required to contact the system administrator before being able to use the system again.

Then, the -W option allows you to set the number of days of warning before a password change is required. Considering the command below, the user ravi will be warned 10 days prior to his password expiring.

In addition, you can set the number of days of inactivity after a password has expired before the account is locked. This example means that after user ravi’s password expires, his account will be inactive for 2 days before it is locked.

When the account becomes inactive, he must contact the system administrator before being able to use the system again.

For more information, refer to the chage man page.

Note that you can also change a user’s password expiration and aging information using the usermod command, which is actually intended for modifying a user account.

That’s it for now. Hoping you find this article informative and useful, if you have any questions to ask, use the feedback form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

Источник

Red Hat Customer Portal

Log in to Your Red Hat Account

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

Red Hat Account

Customer Portal

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Select Your Language

Why does the system prompt «Your account has expired; please contact your system administrator»

Issue

When login to a non-privileged account whose password is expired, the system prompts:

However, the account is not expired according to chage -l on the account:

There seems to be a logic bug here. The account is not expired and is not locked. The correct behaviour here would be to have the system say «Your password is expired, you must change it now» and then make me go through the password change process. Instead, the system is treating the ACCOUNT has having expired, which it is not.

Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Источник

Linux Change Password Command: Change password expiry in Linux

Linux is one of the most popular operating systems for servers, and Linux also offers a great desktop OS. However, there are some things that can be difficult to understand when you’re new to Linux. One example is passwords expiry – what does this mean? How do you change the expiration date for your password in Linux? How do you change user password, UNIX password, and use the passwd command?

If you’re not in IT services, or sidebar not a techie, the Linux change password command and coding the expiry date can all seem overwhelming. If you can barely remember your username, setting expiration dates is the last thing on your mind. But, Linux change account passwords settings allow you to keep yours and others users in Linux secure. By using the root user and the user root password and the command line chage.

Table of Contents

You might also like

Top Open Source Email Servers

How to Determine Redhat Versions Command

In this article, we’ll answer these questions and more. Keep reading to learn more.

Change expiry and enter new UNIX password in Linux

“chage” is the command to list & change the user password aging information for the change password user account. Use the passwd command chage to change the number of days between user password expiry and the current date. It’s easy to access the chage command line to utilize it in Linux. Think of it as the account password change button in the shadow file.

The change the password notification will be sent and passwords will be set to expire on the date you specify. The valid range is from 0 (today) up until 90 years in future, and if it’s less than today then a warning message pops-up again reminding that the change user password in Linux has already expired.

Here’s a real quick rundown on how to show the expiration date of a particular linux user account. Here are the different settings:

• Listing password aging for user and user accounts
• Change the number of days to expire for the alert to change user password on the account
• Change the password to never expire so you have control and can change your own password
• Change account expiry to a specific date to change the password

Let’s explore how to use this command in the terminal!

Listing password aging for user

chage command with option -l shows the expiry details of a specific user. This sudo command allows users to plan on a new password the next time the user’s password is set to expire.

In this example, the user’s last new password change was on Dec 25th 2017 and it expires in 90 days. The user will be notified within login 7 days before expiry.

Change the number of days to expire

Use -M option and provide the number of days to expiry. You can see in the example below, the user can change to their new password the next time it’s required, in 180 days.

Some of the reasons you might want to change the number of days to expiry are to enforce a more stringent new password policy, to force the user into changing their passwords on time, to take over the account with the sysadmin, doubling back to the root user, etc.

Change the password to never expire

You can use chage to make the user’s password never expire with the below options. This sets the user password/UNIX password to never expire. Some reasons why you may want to switch to the password never expiring are if you’re sharing the account with a co-worker or if it is for your personal use.

This way neither one of you will be left in the lurch if you forget your password. You simply manage the root access passwd and type passwd command to change it yourself when needed.

You can also set the number of days to change and how many warnings you want before it expires with chage. Be careful to keep track of your passwords and to set the correct number of days for your user password.

This command will create an expiration date that is in never part, so it won’t expire at all: PASSWORD_MAXAGE=never chage -M 0 username . A maximum password age can be specified as a time span with units such (years) or (-m):

Option one: -M199200 — this will set the Linux password to never expire and then change user password expires attribute from “never” (default)to NEVER (-1201). The screen looks like this.

Change account expiry to specific date

You can set the user password commands or UNIX password and the entire account distribution to expire on a specific date or +N number of days from the current date.

Some of the reasons this is helpful are when you are testing a potential new employee and whether the information they gave is accurate, and want the user password to expire after the test window is done. When the file is set to expire, or when an employee is terminated, etc shadow.

All of this is done with one command: ot@centos01

] #chage -E +21 demouser (type in your password and answer y)[/size][/li][line break=true

To set an expiration date, use: chage username +N days from now.

Here are the examples using chage -E option.

Источник