topic passwd ageing in Operating System - HP-UX

passwd ageing

navin — Wed, 19 Jul 2006 21:41:31 GMT

hello ,i set up passwd ageing for the root account .Even though the passwd has expired able to become root but could not ftp to the system using root account from other systems.Should i be able to use ftp once i reset the passwd ? how come i'm able to su with expired passwd.
thanks in advance.

Re: passwd ageing

Khashru — Thu, 20 Jul 2006 00:33:05 GMT

can you make a new connection after your password expired? or you are using your connected terminal. If you are root and do a su then it will not check password file.

Re: passwd ageing

navin — Thu, 20 Jul 2006 07:41:30 GMT

i'm connecting in different terminal , su from normal to root account.
thanks

Re: passwd ageing

Jaime Bolanos Rojas. — Thu, 20 Jul 2006 07:50:22 GMT

Navin, are you using password ageing with a trusted system or non trusted.

If it is non-trusted please specified configuration to help you out.

Regards,

Jaime.

Re: passwd ageing

Steven E. Protter — Thu, 20 Jul 2006 07:51:12 GMT

Shalom,

ftp can be blocked for a totally different reason.

the ftpaccess file is commonly set to deny root access.

Why?

Because ftp transmits authentication data in clear text.

So when you ftp as user root you send the ROOT PASSWORD IN CLEAR TEXT.

So
ANYONE CAN READ IT AND GAIN ROOT ACCESS

This is considered a bad security practice.

Use ssh or telnet to validate the root account is active.

Use a different user account for ftp.

SEP