topic Re: Account disabled in Operating System - HP-UX

Account disabled

Starrynight — Thu, 04 Oct 2001 13:20:03 GMT

Hi all

Question: I have a user that as the password expiration time set to 186 days (6 months), the account life time set to infinite and the maximum period of inactivity on account set to 90 days. If that user logins everyday how can his account is disabled once in a while, before 6 months?

Re: Account disabled

harry d brown jr — Thu, 04 Oct 2001 13:22:51 GMT

If they, or someone else, attempts to login using their user name, and they fail to enter in a correct password, x (usually 3) number of times, then the account will be disabled.

Re: Account disabled

Stefan Farrelly — Thu, 04 Oct 2001 13:28:16 GMT

Only by having X bad password attempts will the account become disabled. You will need to use the modprpw command umaxlntr= option to set the number of bad password attempts to > the default of 3.

Re: Account disabled

Sridhar Bhaskarla — Thu, 04 Oct 2001 13:36:29 GMT

If the system is not trusted, there is no way of disabling the account unless somebody does it manually. If it is trusted, depending on the policy settings, it will get disabled after the certain number of accounts. If he has been logging on regularly and still if the account is disabled, you need to see who was trying to login with his id. Do a lastb -R|grep login_id to see who tried to login.

-Sri

Re: Account disabled

Patrick Wallek — Thu, 04 Oct 2001 13:39:05 GMT

If you wish to see the attempts to login as a user that failed (bad logins) you can use the lastb command.

Do a:

# lastb username

and that will display all the bad login attemps that are in the /var/adm/btmp file so you can see if bad password really are disabling the account.

Re: Account disabled

Starrynight — Tue, 09 Oct 2001 09:37:30 GMT

Dear Mr. Sridhar Bhaskarla

The system is trusted and I don?t know which policy settings who refer. Each user as is own ploicy settings and this one is an tranference user, used 10 times a day for the same person.

Thank you for your reply but unfortunatelly it didn?t solved my problem.

SN

Re: Account disabled

Animesh Chakraborty — Tue, 09 Oct 2001 11:52:44 GMT

Hi,
I am making a guess..
Any changes in date and time ?

thanks
Animesh

Re: Account disabled

Starrynight — Tue, 09 Oct 2001 12:49:10 GMT

No changes in date and time....

SN

Re: Account disabled

harry d brown jr — Tue, 09 Oct 2001 13:10:21 GMT

Could someone else or the user themself, be entering in their password wrong (more than 3 times in a day)?? Although they might claim they haven't.

Take a look at this thread and commands for a trusted system:

http://aa11.cjb.net/hpux_admin/2000/03/0056.html