1

What is difference between Password expires and Account expires ? Output of "chage -l username" command in Linux. In both case account will be locked So why there are two different fields?

manish
  • 944
  • 2
  • 14
  • 27

4 Answers4

3

Password expiration means that user needs to change the password on next login. The user still be able to login after resetting the password.

In the case of account expiration, User account will be locked after certain days, Hence it is not able to login at all.

Kiran Badiger
  • 31
  • 1
2

Check this out

https://security.stackexchange.com/questions/49684/difference-between-password-expiration-and-account-expiration

I think password expiration and account expiration are two differents means to achieve the same goal, that is to prevent someone to log in. However, they are used in different context and for different needs.

Password expiration is used when you want to force someone to renew their password at a specific interval (maybe 90 days) but you want the account to stay enabled. The user will be prompted to change his password and the next logon.

Account expiration should be used in another context. For example if you hire a contractor for 6 months and you want the account to be disabled at the end of the contract, you can set an account expiration at a fixed date and you won't have to be concerned about removing access to this contractor when the contract is finished since the account will be automatically disabled.

Community
  • 1
  • 1
WiSeeker
  • 812
  • 9
  • 24
2

The difference is that when the password expires, you can't login using a password, but you can log in using SSH keys, for example. In case the account has expired, you can't log in at all.

Vasil Valchev
  • 63
  • 1
  • 8
0

There are two different things here . First , password expired -> when password gets expired then in the next login user must have to change/reset his password . after password expiry date , he will get reset password prompt as soon as he may try to login . Also , password expired date is calculated using (last password change + max password age ) .

Second , Account expired -> when the account get expired then the password will be expired and also user will not receive any prompt to reset/change password . Now , only root user can help him to login . root user may extend the account expired date or create entire new password with different password expiry information.

So , in short : when password expire , user by its own can reset it but when account expire the user can't change it and can't login at all .

vikram singh
  • 49
  • 5