Context
So I set up a new Debian server and added some users for web space etc, the usual affair.
Skip forward 180 days and users start complaining their logins are not working. Given more than one person brought it up, I checked the auth logs and... BOOM. Failed logins due to password expiry. Dang!
Silly me had not considered the password expiry policy on this particular server.
Note, these users didn't have shell rights, but can login via sftp to manage their web space. So they wouldn't of been reminded about expiry or had the ability to change the password, even if they knew. From what I can tell, the error was only being logged server side. Client side it was a generic auth error.
Question
How can I easily interrogate the server to get the password expiry info for all users?
Once I have that info, I can easily see which users are being effected and those which will be affected in the future.
A command like this should show you the expiration status for all accounts defined in your
/etc/passwd
.The important command is the
chage -l username
. That is the command that returns the expiration status for a user. Chage is also the command you would use to modify expiration rules. You may need to addsudo
beforechage
depending on your system setup.You can use this simple command also:
awk -F':' '{ system("echo " $1 " && chage -l " $1) }' /etc/passwd
Using
awk
andsystem
make it more simple.