topic Re: passwd never expire in Operating System - HP-UX

passwd never expire

Christina_27 — Tue, 06 Sep 2005 22:00:04 GMT

Hi,

I need to disable password expiry for one HP-UX user account without using SAM.
Does below syntax work and any side effect ?
passwd -x 0

I see another post of suggesting using of modprpw. Is there any side effect and risk of
corrupting the database as said in MAN page?

B. Rgds

Re: passwd never expire

Con O'Kelly — Tue, 06 Sep 2005 22:10:59 GMT

Hi Christina

Use the following command to disable password aging and account expiry for an individual user:

/usr/lbin/modprpw -m exptm=0,lftm=0,mintm=0,expwarn=0,llog=0

Cheers
Con

Re: passwd never expire

morganelan — Wed, 07 Sep 2005 07:01:28 GMT

I think using sam will be better than using command line.passwd -x 0 command work at certain extent but your password option still not change to No Restriction (Normal behaviour), this command will choose Allow only Super User to Change Password.modprpw is a command to modify protected password database
on trusted system.You must aware about your system: trusted or non-trusted?

Re: passwd never expire

Christina_27 — Tue, 13 Sep 2005 01:07:51 GMT

Thanks Con and Moqanelan !

My system is not trusted system. Can I use modprpw ?

We could not use SAM, because it has some unexpected behaviour. However we could not add the patch because of some other reasons.

B. Rgds

Re: passwd never expire

Mel Burslan — Tue, 13 Sep 2005 01:15:23 GMT

modprpw is only for trusted systems. I amnot sure how you do this using a command but if you edit your /etc/passwd file, you will see a sequence of characters making up encrypted password followed by ,XX where XX stands for two alphanumerical characters. If you happen to delete these last 3 characters from the encrypted password field in this file, you will effectively remove the password aging. A caveat emptor, there might be scripts running out of cron, re-establishing password expiration which may nullify what you do by eliminating those 3 characters.

HTH

Re: passwd never expire

Ivajlo Yanakiev — Tue, 13 Sep 2005 02:24:57 GMT

I thinks that in non trust mod you can not set
password expiry for one HP-UX user account.
This is possible only in trust mode.

Re: passwd never expire

john kingsley — Tue, 13 Sep 2005 07:39:12 GMT

If your system is not trusted, it will not support account locking. However, password aging -- forcing users to change passwords after a fixed amount of time -- is supported on non-trusted systems. The easiest way to disable aging on a user account is to remove the aging fields from the end of the encrypted password using vipw. If aging is setup, there will be 5 extra characters at the end of the password field:

:XXXXXXXXXXXXX,MNLL:
,MNLL is the password aging field.
M - Max life of the password
N - Min life of the password
LL - Date password was last changed

The values in these fields are in base-64, so the easies way to view the real values is with "passwd -s -a" or "logins -x -l".

To disable password aging, just delete the ",MNLL" from the end of the password field.

Re: passwd never expire

DCE — Tue, 13 Sep 2005 08:09:56 GMT

Chrtina,

John hit the nail on the head. Edit the passwd file and remove the comma and subsequent characters in the coded field.
I have used this method many times without any issues.

Dave