[HPADM] MODPRPW/GETPRPW man pages exposed!

Date: Fri, 18 Jun 1999 08:44:51 -0400
From: Ray Prock <rprock@damage.com>
Subject: [HPADM] MODPRPW/GETPRPW man pages exposed!
To: "Ruisz, Robert" <Robert.Ruisz@one.at>, hpux-admin@dutchworks.nl

(the man page follows my rant and plea, I didn't lie about having them)
As from my original post a week or so ago....
HP does not/ will not support modprpw.  If you have seen the 11.0 version,
you will see the evolution of their idea that SAM should be the end all-- be
all for user account maintenance.   Ergo, it will fade between now and never
WITHOUT ANY WARNING, as they have told *me* that they have that prerogative
as it is not a supported command.
I am currently driving this into an HP standard command set (sorry for SAM
fans, it just is worthless on machines handling thousands of users; i.e. type
'sam', and go get lunch).
If anyone has a service agreement with HP, please open an SR with them if
you would like to keep the command line account interaction.  Otherwise, say
goodbye to any scripts.

But!  For those of you interested, here is the man page I was able to
connive out of HP:

> ************************
>
>  *  NAME
>  *
>  *      getprpw - Display per user protected password settings in databases
>  *
>  *  SYNOPSIS
>  *
>  *      getprpw [-r] [-m parm[,parm]] username
>  *
>  *
>  *  DESCRIPTION
>  *
>  *      getprpw displays the user's protected password database
>  *      settings. This command will be available only in trusted
>  *      systems environment.
>  *
>  *  OPTIONS
>  *
>  *      getprpw recognizes the following options
>  *
>  *      -r  displays the arguments supplied to -m in raw format
>  *
>  *      -m  Displays the value for the argument passed. An
>  *          "invalid-opt" is printed if a list of options passed
>  *          to -m contains an invalid option. The rest of the options
>  *          will be processed.  If -m is specified without any
>  *          parameters, all parameters are displayed in the order
>  *          given below.
>  *
>  *      Boolean fields are returned as YES, NO, or DFT (default).
>  *      Units of time are returned in number of days (>=0).
>  *      A value of -1 indicates that the field had not been assigned
>  *      a value in the user database.
>  *
>  *      the following parameters for the user can be displayed
>  *      using the -m option.
>  *
>  *      uid        - get the users uid
>  *
>  *      bootpw     - get the boot authorization flag
>  *
>  *      audid      - get audit id
>  *
>  *      audflg     - get audit flag
>  *
>  *      mintm      - get the minimum time between password changes
>  *
>  *      maxpwln    - get the maximum password length for this user
>  *
>  *      exptm      - get password expiration time
>  *
>  *      lftm       - get password lifetime
>  *
>  *      spwchg     - last successful password change time
>  *
>  *      upwchg     - last unsuccessful password change time
>  *
>  *      acctexp    - get account expiration time
>  *
>  *      llog       - last login time interval
>  *
>  *      expwarn    - password expiration warning time
>  *
>  *      usrpick    - display whether user picks password field,
>  *                         YES/NO/DFT
>  *
>  *      syspnpw    - display whether system generates pronounceable
>  *                            passwords, YES/NO/DFT
>  *
>  *      rstrpw     - display whether password is restricted, i.e.,
>  *                         checked for triviality. YES/NO/DFT
>  *
>  *      nullpw     - display whether NULL passwords are allowed,
>  *                          YES/NO/DFT. NOT RECOMMENDED !!!.
>  *
>  *      admnum     - get admin number
>  *
>  *      syschpw    - display whether system generates passwords having
>  *                           characters only, YES/NO/DFT
>  *
>  *      sysltpw    - display whether system generates passwords having
>  *                          letters only, YES/NO/DFT
>  *
>  *      timeod     - get the time of day allowed for login by this user
>  *
>  *      slogint    - time of last successful login by this user
>  *
>  *      ulogint    - time of last unsuccessful login by this user
>  *
>  *      sloginy    - get tty of last successful login by this user
>  *
>  *      culgoin    - consecutive number of unsuccessful logins so
>  *                         far by this user
>  *
>  *      uloginy    - tty of last unsuccessful login by this user
>  *
>  *      umaxlntr   - get maximum unsuccessful login tries
>  *
>  *      alock      - get the administrator lock, YES if on, NO if off,
>  *                        DFT if not set.
>  *
>  *      lockout    - returns the reason for a lockout in a "bit" valued
>  *                   string. The position, left to right represents:
>  *
>  *                   1 past password lifetime
>  *                   2 past last login time
>  *                   3 past absolute account lifetime
>  *                   4 exceeding unsuccessful login attempts
>  *                   5 password required and a null password
>  *                   6 admin lock
>  *                   7 password is a *
>  *
>  *                   the value 0 = condition not present, 1 is present.
>  *
>  *  RETURN VALUES
>  *
>  *      0   success
>  *      1   user not privileged
>  *      2   incorrect usage
>  *      3   can not find the password file for this user
>  *      4   system is not trusted
>
> *****************************
>
>  * NAME
>  *
>  *    modprpw - Update per user protected password settings in database
>  *
>  *
>  * SYNOPSIS
>  *
>  *    modprpw [-A][-E|V][-e|v][-k][-w][-x][-m option=value[,option=value]] username
>  *
>  *
>  * DESCRIPTION
>  *
>  *        modprpw updates the user's protected password database settings.
>  *        This command will be available only in trusted environment.
>  *
>  *
>  * OPTIONS
>  *
>  *        modprpw sets users parameters as defined by options specified.
>  *
>  *        The options should be validated for proper values before
>  *        updating the database.
>  *
>  *        If a field is not specified in the option then its value
>  *        remains unchanged in the database else it is set as specified
>  *        in the option.
>  *
>  *        modprpw should recognize the following options
>  *
>  *         -A      To Add a new user entry. This entry has to be created with
>  *                 the given username and the -m uid=value. This also returns
>  *                 an admin number that the new user must use to login the
>  *                 first time.
>  *
>  *                 Can not be used with the -k, -w or -x options. Error
>  *                 returned if user already exists.
>  *
>  *         -E      This option is specified WITHOUT a user name. It
>  *                 goes through the protected password database and
>  *                 removes the successful login time from all users.
>  *
>  *                 The result is all users will need to enter a new password
>  *                 at next login.
>  *
>  *                 This option is not valid with any other option.
>  *
>  *         -e      This option is specified with a user name to expire
>  *                 the specified user's password.
>  *
>  *                 This option can be specified with the -m option.
>  *
>  *         -k      To unlock/enable a user's account that has become disabled.
>  *
>  *                 -m is the only other valid option.
>  *
>  *         -m      Modify the option to the specified value.
>  *                 An "invalid-opt" is printed if a list of options passed
>  *                 to -m contains an invalid option. Processing terminates.
>  *
>  *                 If the value=-1, the numeric value in the database is
>  *                 removed allowing for the system default values to be used.
>  *                 Boolean values are specified as YES, NO and DFT for system
>  *                 default values.
>  *
>  *                 Valid with -A and -k options only.
>  *
>  *                 Following parameters can be set using this option.
>  *
>  *                   uid=value       - Set the uid of the user to value. No
>  *                                     sanity checking is done on this value.
>  *
>  *                   bootpw          - set boot authorization privilege.
>  *                                     YES/NO ... NO removes it from the
>  *                                     file. The default file value is NO.
>  *
>  *                   audid=value     - Set auditid.
>  *
>  *                   audflg=value    - Set auditflag.
>  *
>  *                   mintm=value     - Set the minimum time between password
>  *                                     changes to value (days/weeks).
>  *
>  *                   maxpwln=value   - Set the maximum password length for
>  *                                     this user.
>  *
>  *                   exptm=value     - Set password expiration time to value
>  *                                     (days).
>  *
>  *                   lftm=value      - Set Password life time to value
>  *                                     (days).
>  *
>  *                   acctexp         - Set the account expiration time.
>  *                                     Time is a calendar format time.
>  *
>  *                   llog=value      - Set the last login time interval.
>  *                                     (days)
>  *
>  *                   expwarn=value   - Set password expiration warning time
>  *                                     to value (days).
>  *
>  *                   usrpick=value   - Set whether User Picks Password field,
>  *                                     YES/NO/DFT.
>  *
>  *                   syspnpw=value   - Set whether system generates
>  *                                     pronounceable passwords, YES/NO/DFT.
>  *
>  *                   rstrpw=value    - Set whether Password is restricted,
>  *                                     YES/NO/DFT. If YES, password will be
>  *                                     checked for triviality.
>  *
>  *                   nullpw=value    - Set whether Null passwords are allowed,
>  *                                     YES/NO/DFT. NOT RECOMMENDED !!!.
>  *
>  *                   admnum=value    - Admin number returned when adding a
>  *                                     new user or resetting an existing
>  *                                     user's password
>  *
>  *                   syschpw=value   - Set whether system generates passwords
>  *                                     having characters only field,
>  *                                     YES/NO/DFT.
>  *
>  *                   sysltpw=value   - Display whether system generates
>  *                                     passwords having letters only field,
>  *                                     YES/NO/DFT.
>  *
>  *                   timeod=value    - Set the time of Day allowed for
>  *                                     login for this user.
>  *
>  *                   The format is:
>  *
>  *                   key0Starttime-Endtime,key1Starttime-Endtime,...
>  *                   keynStarttime-Endtime
>  *
>  *                   Where key has the following values:
>  *
>  *                   Mo - Monday  Tu - Tuesday  We - Wednesday  Th - Thursday
>  *                   Fr - Friday  Sa - Saturday Su - Sunday     Any - everyday
>  *                   Wk  -  Monday -> Friday
>  *
>  *                   and Starttime and Endtime is the time in military format:
>  *
>  *                     HHMM - 00 <= HH <= 23, 00 <= MM <= 59
>  *
>  *
>  *                   umaxlntr=value  - Set Maximum Unsuccessful Login tries
>  *                                     allowed to value for user.
>  *
>  *                   alock=value     - Set the administrator lock, YES/NO/DFT.
>  *
>  *
>  *         -V      This option is specified WITHOUT a user name. It
>  *                 goes through the protected password database and
>  *                 sets the successful login time to the current for
>  *                 all users. The result is that all users password
>  *                 aging starts at the current time.
>  *
>  *                 This option is not valid with any other option.
>  *
>  *         -w      Change the user's password. The single, required option
>  *                 is the encrypted password.
>  *
>  *                     -w password
>  *
>  *                 Not valid with any other options.
>  *
>  *         -x      Reset the user's password and return an admin number that
>  *                 the user must later supply to the login process to login
>  *                 and pick a new password.
>  *
>  *                 Not valid with any other options.
>  *
>  *
>  *
>  * RETURN VALUES
>  *
>  *         0       success
>  *         1       User not privileged
>  *         2       Incorrect usage
>  *         3       Can not find the entry or file
>  *         4       Can not change the entry
>  *         5       Not a Trusted System
>  *
>  *
>  * EXAMPLES
>  *
>  *         modprpw -m mintm=12,syspnpw=1,syschpw=1 someusr
>  *
>  *         Set the minimum time between password changes to 12 (days)
>  *         and should set the System generates pronounceable password
>  *         flag, the System generates password having characters
>  *         only flag.
>  *
>  *         The following example is to restrict the times the user
>  *         someusr can get on the system on Mondays, and Fridays to 5PM-9PM
>  *         and Sundays from 5AM-9AM. Other days are not restricted.
>  *
>  *         modprpw -m timod=Mo1700-2100,Fr1700-2100,Su0500-0900 someusr
>  *
>  *
>  *
>  * WARNINGS
>  *
>  *         Very little, if any, checking is done to see if the value is
>  *         valid.  It is the user's responsibility to range check values.
>  *
>  *
>  * DEPENDENCIES
>  *
>  *
>  *
>  * FILES
>  *
>  *         /etc/passwd                       System Password file
>  *
>  *         /tcb/files/auth/ * / *            Protected Password Database
>  *
>  *         /tcb/files/auth/system/default    System Defaults Database
>  *
>  *
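
The seven "lockout" positions listed in the getprpw page above, decoded in an added example (not part of the original post and not HP code). It assumes the value is passed in as a bare seven-character string or as lockout=<bits>; that input form and the name decode_lockout are assumptions.

```sh
#!/bin/sh
# Added example: name the lockout reasons for each position that is set.
# Assumption: the caller passes the string obtained from
# "getprpw -m lockout username", bare or in "lockout=<bits>" form.

decode_lockout() {
    bits=${1#lockout=}
    case $bits in
        ''|*[!01]*) echo "invalid lockout string: $1" >&2; return 2 ;;
    esac
    [ "${#bits}" -eq 7 ] || { echo "expected 7 positions: $1" >&2; return 2; }

    pos=1; reasons=; rest=$bits
    while [ -n "$rest" ]; do
        flag=${rest%"${rest#?}"}      # first character of what is left
        rest=${rest#?}
        if [ "$flag" = 1 ]; then
            case $pos in              # positions run left to right
                1) r="past password lifetime" ;;
                2) r="past last login time" ;;
                3) r="past absolute account lifetime" ;;
                4) r="exceeding unsuccessful login attempts" ;;
                5) r="password required and a null password" ;;
                6) r="admin lock" ;;
                7) r="password is a *" ;;
            esac
            reasons="${reasons}${reasons:+; }$r"
        fi
        pos=$((pos + 1))
    done
    echo "${reasons:-not locked}"
}

# Constructed sample values, not output captured from a real system.
for sample in 0000000 0001010; do
    printf '%s -> %s\n' "$sample" "$(decode_lockout "$sample")"
done
```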

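The WARNINGS section of the modprpw page above leaves range checking to the caller. This added example (not HP code and not from the original post) checks one option=value pair against the value forms given under OPTIONS before it is handed to modprpw -m. The function names, the rejection of options it does not cover, and the refusal of nullpw=YES are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not HP code. Check pairs one at a time: a timeod value
# itself contains commas, so a whole -m list cannot be split on ",".

valid_hhmm() {    # HHMM with 00 <= HH <= 23 and 00 <= MM <= 59
    case $1 in
        [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) return 0 ;;
    esac
    return 1
}

valid_timeod() {  # keyStart-End[,keyStart-End...]
    case $1 in ''|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f        # split on commas without globbing
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            Any*) span=${entry#Any} ;;
            Mo*|Tu*|We*|Th*|Fr*|Sa*|Su*|Wk*) span=${entry#??} ;;
            *) return 1 ;;
        esac
        case $span in ????-????) ;; *) return 1 ;; esac
        valid_hhmm "${span%-*}" || return 1
        valid_hhmm "${span#*-}" || return 1
    done
    return 0
}

check_pair() {    # one option=value pair; status 0 means acceptable
    case $1 in *=*) name=${1%%=*}; value=${1#*=} ;; *) return 1 ;; esac
    case $name in
        usrpick|syspnpw|rstrpw|syschpw|sysltpw|alock)
            case $value in YES|NO|DFT) return 0 ;; esac ;;
        bootpw)
            case $value in YES|NO) return 0 ;; esac ;;
        nullpw)   # local policy of this example: never enable null passwords
            case $value in NO|DFT) return 0 ;; esac ;;
        mintm|exptm|lftm|llog|expwarn|umaxlntr|maxpwln)
            case $value in -1) return 0 ;; ''|*[!0-9]*) ;; *) return 0 ;; esac ;;
        uid)      # the man page says modprpw does no sanity checking here
            case $value in ''|*[!0-9]*) ;; *) return 0 ;; esac ;;
        timeod)
            valid_timeod "$value" && return 0 ;;
    esac
    return 1      # bad value, or an option this example does not cover
}
```

A wrapper script would call check_pair on every pair and run modprpw only when all of them return 0.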


