https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164895#M160133 Hi,<BR /><BR />Yes, you can do it, if you are running on HP UX 11i and installed a additional product called HP ShadowPassword Bundle.<BR /><BR />It will add 3 parameters in /etc/default/security file which can be used to acheive it. after installing this /etc/passwd file will not have encrypted password, these will be moved to /etc/shadow file.<BR /><BR />it can be done without converting system into trusted mode.<BR /><BR />read this for more info<BR /><BR /><A href="http://newfdawg.com/SecBook-2.4.1.htm" target="_blank">http://newfdawg.com/SecBook-2.4.1.htm</A><BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword</A><BR /><BR />Sunil Thu, 15 Jan 2004 01:35:31 GMT Sunil Sharma_1 2004-01-15T01:35:31Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164890#M160128 Hi,<BR /><BR />i have 2 question regarding password aging<BR /><BR />1. Can it be set for all user at a time. ie when new user is created he will automatically have the same policy.<BR /><BR />2. Can i set message that will appear to a user 5/6 days before password expires.<BR /><BR />Khashru Wed, 14 Jan 2004 21:56:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164890#M160128 M. Tariq Ayub 2004-01-14T21:56:51Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164891#M160129 You can set it system wide.<BR />sam --&gt; auditing and security --&gt; system security policies --&gt; password aging policies <BR />or you can set it individually.<BR />accounts for users --&gt; users --pick you user --&gt; actions --&gt; modify security policy<BR /><BR />As far as the warning is concerned, this in the system wide password aging policies and shown above. (password expiration warning time) which you can set to however many days you like. Wed, 14 Jan 2004 22:07:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164891#M160129 Michael Tully 2004-01-14T22:07:18Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164892#M160130 Hi,<BR /><BR />i donot have trusted system. And i donot want to do that. In that case how can i set machine wide and also add message.<BR /><BR /> Wed, 14 Jan 2004 22:13:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164892#M160130 M. Tariq Ayub 2004-01-14T22:13:55Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164893#M160131 As far as I know you can't set these policies without your system being trusted. Changing to trusted sets up a database for a variety of password aging functions.<BR />The only aging you can use for passwords is time related and you cannot create warnings without writing a quite detailed script. See man 4 passwd for details on setting up the actual aging. Wed, 14 Jan 2004 22:35:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164893#M160131 Michael Tully 2004-01-14T22:35:49Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164894#M160132 You can set these passwords with the passwd command by running a script.<BR /><BR /><BR />the variables are descriptive.<BR /><BR /># passwd -r file -n $MINDAYS -x $MAXDAYS $user<BR /><BR />How and when to trigger it, is your part of the job.<BR /><BR />SEP Wed, 14 Jan 2004 22:56:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164894#M160132 Steven E. Protter 2004-01-14T22:56:02Z https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164895#M160133 Hi,<BR /><BR />Yes, you can do it, if you are running on HP UX 11i and installed a additional product called HP ShadowPassword Bundle.<BR /><BR />It will add 3 parameters in /etc/default/security file which can be used to acheive it. after installing this /etc/passwd file will not have encrypted password, these will be moved to /etc/shadow file.<BR /><BR />it can be done without converting system into trusted mode.<BR /><BR />read this for more info<BR /><BR /><A href="http://newfdawg.com/SecBook-2.4.1.htm" target="_blank">http://newfdawg.com/SecBook-2.4.1.htm</A><BR /><BR /><A href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword" target="_blank">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword</A><BR /><BR />Sunil Thu, 15 Jan 2004 01:35:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-aging/m-p/3164895#M160133 Sunil Sharma_1 2004-01-15T01:35:31Z