Create the user
[email protected] ~$ sudo adduser <username>
I like to use a default password that is easy to remember 'Password01' for first log in.
Add the user to any additional groups needed
[email protected] ~$ sudo adduser <username> <group>
Enforce change password on first login
[email protected] ~$ sudo chage -d 0 <username>
Enforce strong passwords
First, install the required library:
[email protected] ~$ sudo apt-get install libpam-cracklib.so
Next, modify the file /etc/pam.d/common-password by adding the following line at the end. It is space-separated.
password requisite pam_cracklib.so ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
where the parameters ucredit, lcredit, dcredit and ocredit specify whether upper-case, lower-case, different-case and other-characters are enforced.
Below is a more complex option including the maximum number of retries to change the password and a minimum length:
password requisite pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
Enforcing strong password and limiting login attempts will invariably result in users getting locked out. You will therefore need to know how to reset accounts. It's easy.
[email protected] ~$ sudo passwd <username>
and you're done.