Changing maximum expiration days for user passwords

book

Article ID: 168005

calendar_today

Updated On:

Products

XOS

Issue/Introduction

Changing maximum expiration days for user passwordsBy default, the passwords that are associated with all usernames created using the XOS CLI expire after 30 days. Some administrators don't want user password to expire. It is possible (but not recommended) to avoid the expiration of user passwords by using the Linux chage command.

However, if an administrator uses lowercase m (minimum days between password changes) instead of uppercase M (maximum days between password changes), future logins are blocked. If this happens, the messages below appear and the login is prevented.


[email protected]'s password:
You are required to change your password immediately (password aged)
Warning: Your password has expired, please change it now
Changing password for admin
(current) UNIX password: ******
You must wait longer to change your password

Cause

When changing user maximum expiration days, instead of entering an upper case 'M', the system administrator enterd a lower case 'm' (which is minimum expiration days).

Example:

1. A user was created with maximum expiration of 1 day (by default it is of 30 days)

CBS# configure username user1 privilege 15 maxdays 1
Password:
Retype password:
%WARNING: User added successfully with warning
Detail: Warning BAD PASSWORD: it is based on a dictionary word
CBS# un su
[[email protected] admin]# chage -l user1
Minimum: 0
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never

2. The administrator wants to eliminate the maximum expiration requirement using chage. But, enters a lower case 'm' instead of an upper case 'M'.

[[email protected] user1]# chage -m 9999 user1

[[email protected] user1]# chage -l user1
Minimum: 9999
Maximum: 1
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: May 18, 2010
Password Inactive: Never
Account Expires: Never
[[email protected] user1]#

The output from the command shows that the minimum expiration days parameter was changed (to 9999) and the password will still expire in 1 day.

Resolution

1. If the user is the admin:

   a) Connect with root user through console and/or ssh, and change the password restriction parameters:

# chage -m 0 admin
# chage -M 99999 admin

   b) Open a new SSH session and login using admin account as before

   Note: If the root password is not known, follow the instructions listed in the "Recovering from an Expired CPM Root Interval Session" in the XOS Configuration Guide.

2. If the user is other than admin and/or root:

    a) Log in as user admin user and then switch to Linux using the root login.

CBS# un su
# chage -m 0 user1
# chage -M 99999 user1

    b) Open a new SSH session and log in using the user1 account.


After the changes, the user (user1 and admin) should look like below:

# chage -l user1
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: May 17, 2010
Password Expires: Never
Password Inactive: Never
Account Expires: Never

If you still have problems logging in, contact Crossbeam Support.

Workaround

N/A