Linux Accounts Password Rules

Check Current Password Expiry Settings

Before making any changes, you may want to check the current password expiry settings for the user. You can do this by running the chage -l <username> command, replacing <username> with the name of the user whose password expiry settings you want to view.

sudo chage -l <username>

Change Password Expiry Settings

To change the password expiry period of Linux accounts, run the chage command, as below:

[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M <days_to_expiry> -I <days_to_inactive> <username>

• -M <days_to_expiry>: Sets the maximum number of days a password is valid (90 days by default).

• -I <days_to_inactive>: Sets the number of days of inactivity after a password expires before the account is disabled (45 days by default).

For example, to set a maximum password age of 60 days and configure the account to be permanently disabled 45 days after the password expires for the user sysadmin, run the following command:

[sysadmin@controller-0 ~(keystone_admin)]$ sudo chage -M 60 -I 45 sysadmin

Verify Changes

After making the changes, verify that the new password expiry settings have been applied by running the chage -l <username> command again.

chage -l <username>

For the example above of user sysadmin and expiry period of 60 days, the output of chage -l <username> should be as follows:

[sysadmin@controller-0 ~(keystone_admin)]$ chage -l sysadmin
Last password change                                : Apr 09, 2025
Password expires                                    : Jun 08, 2025
Password inactive                                   : Jul 23, 2025
Account expires                                     : never
Minimum number of days between password change      : 1
Maximum number of days between password change      : 60
Number of days of warning before password expires   : 7