I've created a post-installation automation BASH script for Ubuntu installations. The last thing I want the script to do, is to set the password of UID 1000's password (the user I've created while installing the system) to expire, to force the user to change his/her password next time they log in. I guess I could use the OEM installation, but it doesn't quite fit my scenerio. I sometimes install an Ubuntu workstation for a specific person. they fill a form with the requested display name and username. I obviously don't want them, to enter the preffered password too, so I want to expire their password (a simple password I use for installing and configuring the system) to force them to change it to whatever they want at the first time they login to their newly installed Ubuntu.
From
man chage
(which you should read) :-M, --maxdays MAX_DAYS Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning.
Test this in advance. Does the GUI login pass on the "New password" message? Must you restrict the first login to a non-GUI terminal?