topic Re: password aging in Operating System - HP-UX

password aging

joe clark — Thu, 12 Jun 2003 13:14:22 GMT

For a trusted system, to enable password aging, its looks like everyone will be forced to change their password at next login. I was wondering if their were any scripts to reset the aging so they don't have to reset their password right away.
Thanks

Re: password aging

Michael Steele_2 — Thu, 12 Jun 2003 13:33:33 GMT

Trusted systems are all administered via SAM since there are no man pages. A man page would be a security problem. So in SAM you can disable passwd aging:

"Account for users and groups" > "users"
Select "root" (or others accounts you want to
modify)
>select "Action"->"Modify security policies"->"Password aging".
You may have "default enable", modify as "disable"

Re: password aging

Jean-Louis Phelix — Thu, 12 Jun 2003 13:41:55 GMT

hi,

from 'man modprpw' :

-v This option is specified with a user name to "validate/refresh"
the specified user's password. It sets the successful change
time to the current time.

May be combined with options -l, -m, -n.

Regards

Re: password aging

Paul Sperry — Thu, 12 Jun 2003 13:54:31 GMT

modprpw -V This option is specified WITHOUT a user name to
"validate/refresh" all user's passwords. It goes through the
protected password database and sets the successful change time
to the current time for all users. The result is that all user's password aging restarts at the current time.

May be combined with one of -l or -n options.

Re: password aging

Sridhar Bhaskarla — Thu, 12 Jun 2003 14:01:42 GMT

Hi,

Immediately after the conversion, run the command

#/usr/lbin/modprdef -m exptm=0

This should unexpire the passwords for all the users.

-Sri

Re: password aging

Ken Penland_1 — Thu, 12 Jun 2003 15:00:10 GMT

I have attached the documentation I have on modprpw...it is not a normal man page we found it ages ago on the net...it proves quite useful.

Re: password aging

Bill Hassell — Thu, 12 Jun 2003 17:56:09 GMT

modprpw does have a man page now--it is found only in 11.11 versions of HP-UX but you can also access this man page at http://docs.hp.com/ There are a number of options but since it will not run if you are not the superuser, it is a safe command. Also, it is found in a 'backend' directory: /usr/lbin and as mentioned in the man pages, backend commands are not designed to be stable which menas they are probably associated with another application (like SAM) and not designed to be run directly or used in scripts. However, modprpw has been stable (except for the -w option) since the mid-1990's.