Changing maximum expiration days for user passwords
Article ID: 168005
Updated On:
Products
XOS
Issue/Introduction
Changing maximum expiration days for user passwordsBy default, the passwords that are associated with all usernames created using the XOS CLI expire after 30 days. Some administrators don't want user password to expire. It is possible (but not recommended) to avoid the expiration of user passwords by using the Linux chage command.
However, if an administrator uses lowercase m (minimum days between password changes) instead of uppercase M (maximum days between password changes), future logins are blocked. If this happens, the messages below appear and the login is prevented.
However, if an administrator uses lowercase m (minimum days between password changes) instead of uppercase M (maximum days between password changes), future logins are blocked. If this happens, the messages below appear and the login is prevented.
[email protected]'s password:
You are required to change your password immediately (password aged)
Warning: Your password has expired, please change it now
Changing password for admin
(current) UNIX password: ******
You must wait longer to change your password
You are required to change your password immediately (password aged)
Warning: Your password has expired, please change it now
Changing password for admin
(current) UNIX password: ******
You must wait longer to change your password
Cause
When changing user maximum expiration days, instead of entering an upper case 'M', the system administrator enterd a lower case 'm' (which is minimum expiration days).
Example:
1. A user was created with maximum expiration of 1 day (by default it is of 30 days)
2. The administrator wants to eliminate the maximum expiration requirement using chage. But, enters a lower case 'm' instead of an upper case 'M'.
The output from the command shows that the minimum expiration days parameter was changed (to 9999) and the password will still expire in 1 day.
Example:
1. A user was created with maximum expiration of 1 day (by default it is of 30 days)
CBS# configure username user1 privilege 15 maxdays 1
Password:
Retype password:
%WARNING: User added successfully with warning
Detail: Warning BAD PASSWORD: it is based on a dictionary word
Password:
Retype password:
%WARNING: User added successfully with warning
Detail: Warning BAD PASSWORD: it is based on a dictionary word
CBS# un su
[[email protected] admin]# chage -l user1
Minimum: 0
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never
[[email protected] admin]# chage -l user1
Minimum: 0
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never
2. The administrator wants to eliminate the maximum expiration requirement using chage. But, enters a lower case 'm' instead of an upper case 'M'.
[[email protected] user1]# chage -m 9999 user1
[[email protected] user1]# chage -l user1
Minimum: 9999
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never
[[email protected] user1]#
[[email protected] user1]# chage -l user1
Minimum: 9999
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never
[[email protected] user1]#
The output from the command shows that the minimum expiration days parameter was changed (to 9999) and the password will still expire in 1 day.
Resolution
1. If the user is the admin:
a) Connect with root user through console and/or ssh, and change the password restriction parameters:
b) Open a new SSH session and login using admin account as before
Note: If the root password is not known, follow the instructions listed in the "Recovering from an Expired CPM Root Interval Session" in the XOS Configuration Guide.
2. If the user is other than admin and/or root:
a) Log in as user admin user and then switch to Linux using the root login.
b) Open a new SSH session and log in using the user1 account.
After the changes, the user (user1 and admin) should look like below:
If you still have problems logging in, contact Crossbeam Support.
a) Connect with root user through console and/or ssh, and change the password restriction parameters:
# chage -m 0 admin
# chage -M 99999 admin
# chage -M 99999 admin
b) Open a new SSH session and login using admin account as before
Note: If the root password is not known, follow the instructions listed in the "Recovering from an Expired CPM Root Interval Session" in the XOS Configuration Guide.
2. If the user is other than admin and/or root:
a) Log in as user admin user and then switch to Linux using the root login.
CBS# un su
# chage -m 0 user1
# chage -M 99999 user1
# chage -m 0 user1
# chage -M 99999 user1
b) Open a new SSH session and log in using the user1 account.
After the changes, the user (user1 and admin) should look like below:
# chage -l user1
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: Never
Password Inactive: Never
Account Expires: Never
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: Never
Password Inactive: Never
Account Expires: Never
If you still have problems logging in, contact Crossbeam Support.
Workaround
N/AFeedback
Yes
No
Powered by
