This applies to RedHat Enterprise 4 & 5, and by association to Fedora and CentOS. It probably works on some other distros as well, but your mileage may vary.
I am constantly having to reset user passwords, as I use the “three failures and your account is locked” schema, as well as set passwords to expire every 60 days.
- Lock their account so they don’t log in while you are performing these steps:
#> usermod -L username
- Change their password to the temporary password you wish to assign them:
#> passwd username (Enter the password when prompted)
- Change the age of this new password to 0 so that the user will be forced to create a new password the next time they log in:
#> chage -d 0 username
- Unlock their account so they can log in again:
#> usermod -U username
That should do it! If you’d like to learn more about requiring passwords of a certain length/complexity, setting them to auto-expire after a certain length of time, or other password management tricks, check back soon.