Red Hat password ageing and how to turn it off

I had a customer complain of this error when trying to become ‘oracle’ user on a Red Hat 4.4 server:

[user@redhat ~]$ sudo su – oracle
Your account has expired; please contact your system administrator
/bin/su: incorrect password

The cause was that the password for the oracle account had expired (nothing to do with the user’s own account). The chage command can be used to list account expiry and password ageing information:

# chage -l oracle
Minimum:        1
Maximum:        90
Warning:        7
Inactive:       180
Last Change:            May 08, 2007
Password Expires:       Aug 06, 2007
Password Inactive:      Feb 02, 2008
Account Expires:        Never

Notice the “Password Expires” date has long passed. It is calculated from the “Last Change” date plus the “Maximum” days. I turned off all password ageing as follows:

# chage -M -1 oracle

Now chage -l verifies no password ageing:

# chage -l oracle
Minimum:        1
Maximum:        -1
Warning:        7
Inactive:       180
Last Change:            May 08, 2007
Password Expires:       Never
Password Inactive:      Never
Account Expires:        Never

Problem fixed.