HPE Community
Operating System - HP-UX
1756530 Members
2164 Online
108848 Solutions
New Discussion юеВ

lftm=-1 What does this mean

 
John McWilliams_1
Frequent Advisor

тАО03-10-2008 05:40 PM

тАО03-10-2008 05:40 PM

lftm=-1 What does this mean

Hi - I am running trusted systems. When I run getprpw -m lftm USER, I get 0 (meaning password ageing is off) for all except 2 servers where the value returned is -1.
What does this mean? I have looked in SAM and ageing is turned off for this user on all, including these 2 systems.(which is what I want).

Thanks John
0 Kudos
2 REPLIES 2
Bill Hassell
Honored Contributor

тАО03-10-2008 06:03 PM

тАО03-10-2008 06:03 PM

Re: lftm=-1 What does this mean

Actually, from the modprpw man page:

"No aging is present if the following 4 database parameters are all zero: u_minchg, u_exp, u_life, u_pw_expire_warning."

And from man prpwd:

"u_life This field is a time_t value that specifies the lifetime of a password. If this time is reached, the account will be locked and can only be unlocked by an authorized system administrator."

u_life is password lifetime, similar to expiration time, but root is required to unlock the account if lifetime is exceeded. The man page for getspent implies that unspecified entries default to -1 but do comment any further.


Bill Hassell, sysadmin
0 Kudos
John McWilliams_1
Frequent Advisor

тАО03-10-2008 07:03 PM

тАО03-10-2008 07:03 PM

Re: lftm=-1 What does this mean


I think the problem here is that the lftm (u_life) was set to -1. This refers to the default value. When looking in sam aging was off. I turned it on but left all values as 0, so no aging. This set aging off again and the value of lftm went to 0.

Thanks for your help

John
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.