{"id":57808,"date":"2021-12-20T11:24:00","date_gmt":"2021-12-20T16:24:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=57808"},"modified":"2024-12-17T15:31:28","modified_gmt":"2024-12-17T20:31:28","slug":"how-to-manage-user-passwords-on-linux-machines","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines","title":{"rendered":"How to Manage User Passwords on Linux Machines"},"content":{"rendered":"\n

Editor’s note: this article is intended to provide general direction on how one might manage user passwords on a Linux device and does not suggest the means by which JumpCloud handles these types of administrative and security tasks. For more information about how JumpCloud helps IT admins manage passwords across any operating system, check out this Help Center article<\/a>. <\/em><\/p>\n\n\n\n

\n\n\n\n

Using a password with an associated user account is the primary method of authentication in Linux and most UNIX systems. It\u2019s one of the few authentication methods supported by the SSH protocol<\/a> besides public key authentication, which requires admins to create a key pair<\/a> (public and private key) to authenticate a user with a remote system.\u00a0<\/p>\n\n\n\n

However, unlike public key authentication, passwords are prone to breaches such as brute force attacks that can be executed using automated scripts. Passwords can also be forgotten which means that users get locked out of the system. Weak and easily guessable passwords such as \u201cPassword123\u201d can also present a security risk, and are often a consequence of password fatigue<\/a>.<\/p>\n\n\n\n

Password management is, therefore, one of the top-of-mind tasks that any system administrator should carry out. This tutorial sheds light on some of the ways you can manage passwords on a Linux system.<\/p>\n\n\n\n

Manage Passwords Using the passwd<\/kbd> Command<\/h2>\n\n\n\n

One of the commands used in managing passwords is the Linux passwd<\/kbd> command. The command can be used to perform a wide range of password management operations. Let\u2019s have a glance at some of the operations you can carry out using the passwd<\/kbd> command.<\/p>\n\n\n\n

Create or Change User Passwords<\/h3>\n\n\n\n

On Debian\/Ubuntu systems, the adduser<\/kbd> command walks you through the creation of a new login user. It allows you to specify the username and password, alongside other details. For some Linux flavors such as CentOS, RHEL, and Fedora, you need to invoke the passwd<\/kbd> command to specify the user\u2019s password.<\/p>\n\n\n\n

The syntax for creating or changing a password takes the following format:<\/p>\n\n\n\n

# passwd username<\/code><\/p>\n\n\n\n

If you are logged in as a sudo user, you need to invoke sudo<\/kbd> before the command as follows:<\/p>\n\n\n\n

$ sudo passwd username<\/code><\/p>\n\n\n\n

Suppose you have a user called jack<\/kbd>. To change the user\u2019s password simply execute the command:<\/p>\n\n\n\n

$ sudo passwd jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

You can also change your own password by simply running the command without any arguments.<\/p>\n\n\n\n

$ passwd<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Lock a User’s Account or Password<\/h3>\n\n\n\n

Picture a situation where you have an employee who has been offboarded and you are required to deactivate their account. The best approach to take is to lock the account or deactivate the password. This prevents the user from accessing or logging into their account. <\/p>\n\n\n\n

To deactivate the password or lock the account, use the -l<\/kbd> option as follows:<\/p>\n\n\n\n

# passwd -l username<\/code><\/p>\n\n\n\n

For instance, to lock Jack\u2019s account and prevent him from logging in, execute the command:<\/p>\n\n\n\n

$ sudo passwd -l jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Unlock a User’s Account or Password<\/h3>\n\n\n\n

This is the exact opposite of locking a user\u2019s account. To unlock an account, pass the -u<\/kbd> option as follows:<\/p>\n\n\n\n

# passwd -u username<\/code><\/p>\n\n\n\n

To unlock Jack\u2019s account run the command:<\/p>\n\n\n\n

$ sudo passwd -u  jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Configure a User’s Password Expiry<\/h3>\n\n\n\n

A security practice often recommended is the regular rotation of users’ passwords. The primary reason for doing so is to avoid account compromise, and ensure that only authorized users are the ones using credentials to log in. While NIST no longer recommends rotating passwords, many organizations still are required by their security policies.It\u2019s generally recommended that you update your password once a month.<\/p>\n\n\n\n

You can enforce an immediate expiry of a user\u2019s password using the -e<\/kbd> option. This allows them to set a stronger password from their end.<\/p>\n\n\n\n

# sudo passwd -e username<\/code><\/p>\n\n\n\n

For example, to expire Jack\u2019s password immediately and allow him to change his password run the command:<\/p>\n\n\n\n

$ sudo passwd -e jack<\/code><\/p>\n\n\n\n

The next time Jack tries to log in via SSH, he will be required to reset or change his password.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Enforce Password Change After Max Number of Days<\/h3>\n\n\n\n

To ensure that users regularly update their passwords, you can enforce a password change after a maximum number of days (MAX_DAYS) using the -x<\/kbd> option.<\/p>\n\n\n\n

In the following example, Jack\u2019s password is only valid after 90 days, after which he will be compelled to set a new password.<\/p>\n\n\n\n

$ sudo passwd -x 90 jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Set the Minimum Number of Days Before a Password Expires<\/h3>\n\n\n\n

Additionally, you can set the minimum number of days (MIN_DAYS) using the -n<\/kbd> option. This is the minimum number of days before a user can change their password. Enforcing a minimum password age discourages users from reusing old passwords, which is a bad security practice.<\/p>\n\n\n\n

Here, Jack can only change the password after every 90 days and not earlier than that.<\/p>\n\n\n\n

$ sudo passwd -n  90 jack<\/code><\/p>\n\n\n\n

Additionally, you can set the minimum number of days before a user gets notified about an impending expiry of their password. The -w<\/kbd> option helps you to accomplish this.<\/p>\n\n\n\n

In the example below, Jack will start to receive a warning about his password expiry from day 7 prior to the actual date of the password expiry date.<\/p>\n\n\n\n

$ sudo passwd -w 7 jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Disable an Account Based on Password Expiry<\/h3>\n\n\n\n

Using the -i<\/kbd> option, you can set the number of days after the password expiry before the user account is disabled.<\/p>\n\n\n\n

In the following example, Jack\u2019s account will be disabled after 5 days of the password expiry if he doesn\u2019t change his password.<\/p>\n\n\n\n

$ sudo passwd -i 5 jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Display Information About Password Expiration<\/h3>\n\n\n\n

To display information about password expiration and aging use the chage<\/kbd> command with the -l<\/kbd> option.<\/p>\n\n\n\n

$ sudo chage -l jack<\/code><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

How to Enforce Strong Passwords Using the PAM Module<\/strong><\/h2>\n\n\n\n

So far, we\u2019ve presented the various ways you can manage users\u2019 passwords using the passwd<\/kbd> and chage<\/kbd> commands. However, these password management tools do not address the issue of weak passwords \u2014 a glaring security risk that can comprise your system.<\/p>\n\n\n\n

Characteristics of a Strong Password<\/strong><\/h3>\n\n\n\n

When setting a strong password, key aspects to consider include the password length and types of characters used. <\/p>\n\n\n\n

Common attributes of a robust and secure password include:<\/p>\n\n\n\n

    \n
  1. A minimum password length of 14 characters (the more the better, especially for privileged accounts).<\/li>\n<\/ol>\n\n\n\n
      \n
    1. A mix of both uppercase, lowercase, numerical, and special characters.<\/li>\n<\/ol>\n\n\n\n

      A password is considered weak if:<\/p>\n\n\n\n

        \n
      1.  It comprises the username of the user.<\/li>\n<\/ol>\n\n\n\n
          \n
        1.  It is too short (less than 10 characters).<\/li>\n<\/ol>\n\n\n\n
            \n
          1.  It has a name that is included in the dictionary, such as elephant, airplane, lightning, solace, etc. This also includes dictionary names with numbers and symbols replacing certain letters in a more obvious way, for example, \u201cStr1k3\u201d or \u201cAeropl@n3.\u201d<\/li>\n<\/ol>\n\n\n\n
              \n
            1. It includes a series of keyboard characters spelled normally or backward. For example, \u201cqwerty\u201d or \u201cpoiuyt.\u201d<\/li>\n<\/ol>\n\n\n\n
                \n
              1. It comprises personally identifiable information (PII) such as birth dates, driver\u2019s license number, Social Security number, etc.<\/li>\n<\/ol>\n\n\n\n

                As mentioned earlier, weak user passwords can put your system at risk of a cyberattack. Strong user password enforcement will go a long way in making it harder for nefarious parties to breach your system.<\/p>\n\n\n\n

                What Is the PAM Module?<\/strong><\/h3>\n\n\n\n

                PAM, short for pluggable authentication modules, is a suite of libraries that sits between applications and the native Linux authentication mechanism. It\u2019s the core of user authentication for modern Linux distributions. It provides a centralized way of selecting authentication methods for applications by leveraging configuration files.<\/p>\n\n\n\n

                How to Use PAM to Enforce User Password Complexity<\/strong><\/h3>\n\n\n\n

                In modern Linux systems such as Debian, CentOS, and Fedora, PAM comes enabled by default.<\/p>\n\n\n\n

                On Debian\/Ubuntu you need to install an additional module known as libpam-cracklib<\/kbd>. To achieve this, run the command:<\/p>\n\n\n\n

                $ sudo apt install libpam-cracklib<\/code><\/p>\n\n\n\n

                \"\"<\/figure>\n\n\n\n

                Password policies are specified in the common-password<\/kbd> configuration file. But before you make any changes to the file, back it up so you can roll back the changes made should something go wrong.<\/p>\n\n\n\n

                In our case, we\u2019ve made an extra copy of the file and named it common-password.bak<\/kbd>.<\/p>\n\n\n\n

                $ sudo cp \/etc\/pam.d\/common-password \/etc\/pam.d\/common-password.bak<\/code><\/p>\n\n\n\n

                Using your preferred text editor, open the common-password<\/kbd> configuration file.<\/p>\n\n\n\n

                $ sudo nano \/etc\/pam.d\/common-password<\/code><\/p>\n\n\n\n

                Locate and uncomment the following line:<\/p>\n\n\n\n

                password  requisite  pam_cracklib.so  retry=3 minlen=8 difok=3<\/code><\/p>\n\n\n\n

                \"\"<\/figure>\n\n\n\n

                Next, define your password policy by adding the line shown. This spells out the conditions to be met when creating new user passwords.<\/p>\n\n\n\n

                password required pam_cracklib.so try_first_pass retry=3 minlen=14 lcredit=1 ucredit=1 dcredit=2 ocredit=1 difok=2 reject_username<\/code><\/p>\n\n\n\n

                \"\"<\/figure>\n\n\n\n

                Let\u2019s break down the line and see what each option represents:<\/p>\n\n\n\n

                retry=3<\/kbd>: This is the maximum number of retries allowed when changing a user’s password. The default is usually 1.<\/p>\n\n\n\n

                minlen=14<\/kbd>: This is the minimum acceptable number of characters for a new password.<\/p>\n\n\n\n

                lcredit=1<\/kbd>: The option sets the minimum number of lowercase characters that a password should have to one.<\/p>\n\n\n\n

                ucredit=1<\/kbd>: This sets the minimum number of uppercase characters in a password to at least one.<\/p>\n\n\n\n

                dcredit=1<\/kbd>: The option sets the minimum number of numeric characters or digits in a password to one.<\/p>\n\n\n\n

                ocredit=1<\/kbd>: The option sets the minimum number of special symbols e.g., !, @.$,# etc. in a password to at least one.<\/p>\n\n\n\n

                difok=2<\/kbd>:This sets the minimum number of characters in the new password that must be different from the old password to two.<\/p>\n\n\n\n

                reject_username<\/kbd>: This prevents users from including their usernames in a password.<\/p>\n\n\n\n

                As stipulated in the password policy, users would have to set a new password with a minimum length of 14 characters, and the password should include one uppercase, lowercase, numeric, and special character. Further, the new password should not include the users\u2019 usernames.<\/p>\n\n\n\n

                Verifying the Password Complexity<\/strong><\/h3>\n\n\n\n

                To test drive our password policy, try changing your current password to a new weak password or one which is not compliant with the newly set policy.<\/p>\n\n\n\n

                The output shown below points out failed attempts at setting a new password which does not meet the minimum requirements laid out by the new password policy.<\/p>\n\n\n\n

                \"\"<\/figure>\n\n\n\n

                As you can see, you will be unable to set a new password unless you fully comply with the newly configured password policy. This is an ideal way of ensuring that users only set strong passwords which make it more difficult for hackers to breach the system.<\/p>\n\n\n\n

                And there you go! You have successfully enforced the use of robust and secure passwords using the PAM library suite.<\/p>\n\n\n\n

                What More Can You Do?<\/strong><\/h2>\n\n\n\n

                To further mitigate break-ins to your servers using brute force attacks, here are some of the extra steps you can take to bolster password authentication with an extra layer of security.<\/p>\n\n\n\n

                  \n
                1. Install and Configure Fail2ban <\/strong><\/li>\n<\/ol>\n\n\n\n

                  Fail2ban<\/a> is an open source intrusion detection application that safeguards your Linux machines from brute force attacks. It works by blocking IP addresses after a certain number of password failures which is typical of brute force attacks. It monitors authentication logs and picks out many signs of malicious activity and applies the ban based on configured rules.<\/p>\n\n\n\n

                    \n
                  1. Configure SSH to Allow Connection From Specific Users<\/strong><\/li>\n<\/ol>\n\n\n\n

                    The SSH protocol provides a wide range of security controls to harden the security of your system. If you decide to go with password authentication, then you can configure SSH to allow and deny connections from certain groups and users. For instance, you can disallow remote root login and only allow connection from specific users.<\/p>\n\n\n\n

                      \n
                    1. Enable Multi-Factor Authentication<\/strong><\/li>\n<\/ol>\n\n\n\n

                      Lastly, you can enable multi-factor authentication (MFA)<\/a>, also known as two-factor authentication (2FA), to provide an extra layer of protection by having a time-based one-time password (TOTP) or push notification sent to your mobile device after authenticating with your password.<\/p>\n\n\n\n

                      \n\n\n\n

                      Free authenticator apps like JumpCloud Protect\u2122<\/a> make it easy to layer MFA across not just Linux devices, but MacOS and Windows devices, as well as SSH sessions. Download the app from the iOS App Store<\/a> or the Google Play Store<\/a> today to get started.<\/p>\n","protected":false},"excerpt":{"rendered":"

                      This tutorial sheds light on some of the ways you can manage passwords on a Linux system.<\/p>\n","protected":false},"author":131,"featured_media":57818,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[2377,2372,2388],"collection":[2778],"platform":[],"funnel_stage":[3017],"coauthors":[2568],"acf":[],"yoast_head":"\nHow to Manage User Passwords on Linux Machines - JumpCloud<\/title>\n<meta name=\"description\" content=\"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Manage User Passwords on Linux Machines\" \/>\n<meta property=\"og:description\" content=\"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-20T16:24:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-17T20:31:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"173\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kelsey Kinzer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kelsey Kinzer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\"},\"author\":{\"name\":\"Kelsey Kinzer\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/c4e9aeadd98cafbd216d3134ad10ab13\"},\"headline\":\"How to Manage User Passwords on Linux Machines\",\"datePublished\":\"2021-12-20T16:24:00+00:00\",\"dateModified\":\"2024-12-17T20:31:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\"},\"wordCount\":1887,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png\",\"keywords\":[\"Linux\",\"password management\",\"tutorial\"],\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\",\"url\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\",\"name\":\"How to Manage User Passwords on Linux Machines - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png\",\"datePublished\":\"2021-12-20T16:24:00+00:00\",\"dateModified\":\"2024-12-17T20:31:28+00:00\",\"description\":\"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png\",\"width\":512,\"height\":173},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Manage User Passwords on Linux Machines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/c4e9aeadd98cafbd216d3134ad10ab13\",\"name\":\"Kelsey Kinzer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/08f33caaabd3e83507748fcc2d575a67\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9a16ebe214c820d6c288597039b7e89f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9a16ebe214c820d6c288597039b7e89f?s=96&d=mm&r=g\",\"caption\":\"Kelsey Kinzer\"},\"description\":\"Kelsey is a passionate storyteller and Content Writer at JumpCloud. She is particularly inspired by the people who drive innovation in B2B tech. When away from her screen, you can find her climbing mountains and (unsuccessfully) trying to quit cold brew coffee.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Manage User Passwords on Linux Machines - JumpCloud","description":"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines","og_locale":"en_US","og_type":"article","og_title":"How to Manage User Passwords on Linux Machines","og_description":"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.","og_url":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines","og_site_name":"JumpCloud","article_published_time":"2021-12-20T16:24:00+00:00","article_modified_time":"2024-12-17T20:31:28+00:00","og_image":[{"width":512,"height":173,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png","type":"image\/png"}],"author":"Kelsey Kinzer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kelsey Kinzer","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines"},"author":{"name":"Kelsey Kinzer","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/c4e9aeadd98cafbd216d3134ad10ab13"},"headline":"How to Manage User Passwords on Linux Machines","datePublished":"2021-12-20T16:24:00+00:00","dateModified":"2024-12-17T20:31:28+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines"},"wordCount":1887,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png","keywords":["Linux","password management","tutorial"],"articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines","url":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines","name":"How to Manage User Passwords on Linux Machines - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png","datePublished":"2021-12-20T16:24:00+00:00","dateModified":"2024-12-17T20:31:28+00:00","description":"This tutorial sheds light on some of the ways you can manage passwords on a Linux system.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/12\/linus-password-management-10.png","width":512,"height":173},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/how-to-manage-user-passwords-on-linux-machines#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"How to Manage User Passwords on Linux Machines"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/c4e9aeadd98cafbd216d3134ad10ab13","name":"Kelsey Kinzer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/08f33caaabd3e83507748fcc2d575a67","url":"https:\/\/secure.gravatar.com\/avatar\/9a16ebe214c820d6c288597039b7e89f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9a16ebe214c820d6c288597039b7e89f?s=96&d=mm&r=g","caption":"Kelsey Kinzer"},"description":"Kelsey is a passionate storyteller and Content Writer at JumpCloud. She is particularly inspired by the people who drive innovation in B2B tech. When away from her screen, you can find her climbing mountains and (unsuccessfully) trying to quit cold brew coffee.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/57808"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/131"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=57808"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/57808\/revisions"}],"predecessor-version":[{"id":118514,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/57808\/revisions\/118514"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/57818"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=57808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=57808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=57808"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=57808"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=57808"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=57808"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=57808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}