Why does the password expire?
I am logging in with public key (without password) since several days. Today I get this message:
> ssh modlink_foo_q@server
You are required to change your password immediately (password expired)
Last login: Wed Nov 14 09:26:48 2018 from 10.130.4.3
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for modlink_foo_q.
This is the matching line in /etc/shadow
server:~ # grep modli /etc/shadow
modlink_foo_q:!:17757:1:90:7:::
I think no password is set. Then who can it expire?
OS: SUSE Linux Enterprise Server 12 SP3
Best Answer
The value of your encrypted password (or the lack thereof) does not change the fact that a password expiry policy has been set.
See https://linux.die.net/man/3/shadow and https://linux.die.net/man/5/shadow
The current password was set on Tue Aug 14 2018
(the third field is
sp_lstchg
- the number of days since Jan 1, 1970 when the password was last changed:date --date '1970-01-01 +17757days'
)(most likely when the account was created) and was valid for 90 days.
(field #5
sp_max
- the number days after which password must be changed) I.e. the password was valid untildate --date '1970-01-01 +17757days +90days'
Mon Nov 12 2018.You are currently in the 7 day grace period after the password expiry date and unless you either change the password, or change/update the policy fields (with
chage
) that account will considered inactive and disabled by Mon Nov 19 2018.will update the
sp_lstchg
field with today's date which will allow you to continue to use the account for another 90 before simulating a new password reset.