Q & A

  • GNULinux
  • 2 years ago

Password expiry for users is configured in the /etc/login.defs file. These are the password aging parameters:
PASS_MAX_DAYS                Maximum number of days a password may be used.
PASS_MIN_DAYS                 Minimum number of days allowed between password changes.
PASS_WARN_AGE               Number of days warning given before a password expires.


By default PASS_MAX_DAYS is 99999 days, which means no password expiry. So we are going to configure password expiry for all users at 90 days, with a minimum of 1 day between password changes.
Open /etc/login.defs and change the following entries:

PASS_MAX_DAYS    90
PASS_MIN_DAYS    1
PASS_WARN_AGE    7

Save and exit.

So after 90 days all users are forced to change their passwords.

To set password expiry for a particular user: we can use the chage utility to enable password expiry for a particular user.
Usage: chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] username
E.g. if we want to enable password expiry for the root user (90 days to expire, a minimum of 1 day between password changes, and a warning 7 days before the password expires):

# chage -m 1 -M 90 -W 7 root

chage can also be used to find out the last password change, the password expiration date, etc.

# chage -l root
 Last password change                                      : Aug 26, 2021
 Password expires                                                 : Nov 24, 2021
 Password inactive                                               : never
 Account expires                                                   : never
 Minimum number of days between password change          : 1
 Maximum number of days between password change         : 90
 Number of days of warning before password expires             : 7
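
The login.defs values are applied when an account is created, so accounts that already exist keep the aging fields stored in /etc/shadow. The following added example (not part of the original post) reads shadow(5)-format lines and lists password-bearing accounts whose maximum or minimum age is weaker than the 90/1 policy above; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose password aging is weaker than the policy.
# Input format is shadow(5):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample data (not real accounts or hashes).
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hash:18865:1:90:7:::
alice:$6$constructed$hash:18865:0:99999:7:::
bob:$6$constructed$hash:18865:1:90:7:::
carol:$6$constructed$hash:18865:0::7:::
daemon:*:18865:0:99999:7:::
svc:!!:18865:0:99999:7:::
EOF
}

# audit_aging MAX MIN
# Reads shadow-format lines on stdin and prints "user max=<v> min=<v>" for
# every account with a usable password hash that violates the policy.
audit_aging() {
    awk -F: -v max="$1" -v min="$2" '
        $2 ~ /^[!*]/ { next }   # locked or password-less system account: skip
        {
            # An empty field in /etc/shadow means "no limit".
            m = ($5 == "") ? "unset" : $5
            n = ($4 == "") ? "unset" : $4
            if (m == "unset" || m + 0 > max || n == "unset" || n + 0 < min)
                printf "%s max=%s min=%s\n", $1, m, n
        }'
}

# Demo on the constructed sample.
sample_shadow | audit_aging 90 1
```

On a real system, run audit_aging 90 1 < /etc/shadow as root, then bring each listed account into line with the chage command shown above.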