# Password expire for root not working?



## icecoke (Nov 20, 2013)

When I set the password expire as root for root to e.g. one minute, exit and `su -` again, than I'm warned (by PAM?) that my password is about to expire. When I exit again to `su -` again long after the expire date, nothing happens. No one is forcing me to change the password nor informing me about that it is expired:


```
[root@testvs2 ~]# pw usermod -p +1m -u root
[root@testvs2 ~]# exit
logout
[admin@testvs2 ~]# su -
Password:
Warning: your password expires on Tue Nov 19 23:57:37 2013
[root@testvs2 ~]# date
Di 19 Nov 2013 23:56:45 CET
[root@testvs2 ~]# exit
logout
[admin@testvs2 ~]# su -
Password:
[root@testvs2 ~]# date
Mi 20 Nov 2013 09:54:18 CET
[root@testvs2 ~]# exit
logout
```

So, what is wrong here? What do I miss, if it's possible at all to force root for change his password?


----------



## icecoke (Nov 23, 2013)

No one?


----------



## icecoke (Dec 3, 2013)

Just for the ones who might ask themselves the same question:

First - it does happen for all users, not only root. The reason was, there is no password management handler in pam.d/su by default and the 'reminder' about expiring comes from the account management handler in PAM. This is calling pam_sm_chauthtok but if no handler for the password things is set, nothing happens.

So adding e.g. simply this to the PAM file in question does the trick:


```
# password
password        required        pam_unix.so             no_warn try_first_pass
```

Gracias!


----------



## fonz (Dec 3, 2013)

icecoke said:
			
		

> So adding e.g. simply this to the PAM file in question does the trick:


Thanks for sharing


----------

