Linux Password Expiration
On a new Linux installation, such as for a UCM or MAS, the root password is set to expire after 90 days. It must be set to never expire (never age), or you're inviting future problems! When you load or access a new system, always perform the following steps.
Note: Linux passwords are different to UCM passwords - UCM passwords are handled in Element Manager ➤ Policies.
For this procedure, you must log on directly as root.
Note: 'root' can ONLY log on directly from either the COM1 console, or a keyboard and video monitor.
1 Confirm that the root password is set to expire:
[root@pbx ~]# chage --list root Last password change : Apr 11, 2011 Password expires : Jul 10, 2011 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7
2 To turn off the password expiration for a user account, set the following:
-m 0
will set the minimum number of days between password change to 0-M 99999
will set the maximum number of days between password change to 99999-I -1
will set the "Password inactive" to never (minus one)-E -1
will set "Account expires" to never (minus one)So, we'll issue the following command:
[root@pbx ~]# chage -m 0 -M 99999 -I -1 -E -1 root
3 Next confirm that the command has taken:
[root@pbx ~]# chage --list root Last password change : Apr 11, 2011 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Alternate Method
Login as root, and issue the command: passwd "Username" -x -1
Example:
# passwd root -x -1 minus 1 # passwd nortel -x -1
Where:
-x, --maxdays MAX_DAYS. The number -1 as MAX_DAYS will remove checking a password's validity.
Issue the command chage --list root
(as above) to confirm the password will never expire.