modprpw documentation?

okcunix — Wed, 11 Feb 2004 09:19:42 GMT

In the area of 'trusted systems'; I need some kind of good documentation about the modprpw and related cmds. Where/what is a good source?

Re: modprpw documentation?

RAC_1 — Wed, 11 Feb 2004 09:26:14 GMT

getprpw - display user's protected password database
USAGE
/usr/lbin/getprpw [-r] [-m option[,option]] logonid
OPTIONS
-r raw display of the protected database field values
-m display the value of the option given. If -m is not specified,
all protected database fields will be displayed.
Boolean values are returned as YES, NO, or DFT (default).
A -1 value indicates that the field is undefined.
The following values will be displayed or can be selected
using the -m option:
uid logonid's uid
bootpw boot authorization flag
audid audit id

audflg audit flag

mintm minimum time allowed between password changes

exptm password expiration time

lftm password lifetime

acctexp account expiration time

spwchg time of last successful password change

upwchg time of last unsuccessful password change

llog maximum time allowed between logins

expwarn password expiration warning time

usrpick user allowed to pick passwords

nullpw null passwords allowed

maxpwln maximum password length allowed

rstrpw restricted passwords - checked for triviality

syspnpw system generates pronounceable passwords

admnum administrative number assigned

syschpw system generates character only passwords

sysltpw system generates letter only passwords

timeod time of day allowed for login

slogint time of last successful login

ulogint time of last unsuccessful login

sloginy terminal of last successful login

uloginy terminal of last unsuccessful login

culogin consecutive number of unsuccessful logins

umaxlntr maximum number of unsuccessful logins allowed

alock administrative lock

lockout bit string representing reason account is disabled

1 = true, 0 = false

bit 1 password lifetime exceeded

2 time between logins exceeded

3 account absolute lifetime exceeded

4 unsuccessful logon attempts exceeded

5 null password set but not allowed

6 administrative lock

7 password is "*"

RETURN VALUES

0 success

1 user not privileged

2 incorrect use

3 protected database not found for user

NOTE. This is an undocumented command and not supported for direct use by

end users.

This documentation has been gathered from multiple sources, inferred or

developed empirically. No warranty is provided for its accuracy,

completeness or use.

---------------------------------------------------------------------------

getprdef (1M) getprdef (1M)

NAME

getprdef - display default database

USAGE

/usr/lbin/getprdef -r [-m option],option] [-b] [-p] [-t]

OPTIONS

-r raw display of the protected database field values

-m display the value of the option given. If -m is not specified,

all protected database fields will be displayed.

-b display password defaults

-p display time defaults

-t display login defaults

Boolean values are returned as YES, NO, or DFT (default).

A value of -1 indicates that the field is undefined.

The following values will be displayed or can be selected

using the -m option:

bootpw boot authorization flag

mintm minimum time allowed between password changes

exptm password expiration time

lftm password lifetime

llog maximum time allowed between logins

expwarn password expiration warning time

usrpick user allowed to pick passwords

nullpw null passwords allowed

maxpwln maximum password length allowed

rstrpw restricted passwords - checked for triviality

syspnpw system generates pronounceable passwords

syschpw system generates character only passwords

sysltpw system generates letter only passwords

umaxlntr max number of consecutive unsuccessful logins allowed

tmaxlntr max number of consecutive unsuccessful logins allowed

per terminal

dlylntr time delay between unsuccessful login attempts

lntmout login timeout in seconds

RETURN VALUES

0 success

1 user not privileged

2 incorrect use

NOTE. This is an undocumented command and not supported for direct use by

end users.

This documentation has been gathered from multiple sources, inferred or

developed empirically. No warranty is provided for its accuracy,

completeness or use.

---------------------------------------------------------------------------

modprpw (1M) modprpw (1M)

NAME

modprpw - modify a user's protected database

USAGE

/usr/lbin/modprpw [-A][-E|V][-e|v][-k][-w][-x]

-[m opt=value[,opt=value]] logonid

modprpw updates the user Protected Database options with the values specified.

It is the users responsibility to validate all options and values before

execution.

Any fields not specified remain unchanged in the database.

OPTIONS

-A Add a new user. Requires -m uid=value and returns the admin

number the user must use as a password to login the first time.

Logonid must not already exist and can not be used with

-k, -w or -x options.

-E Expire all passwords by removing the last successful login time

from all users. All users will need to enter new passwords at

next login. Loginid or any other options are not valid with

this option.

-e Expire the password of a specific logonid.

-k Unlock or re-enable a specific logonid.

-m Modify option specified below. If an invalid option is provided

"invalid-opt" will be displayed and processing terminated.

-m options are valid only with -A (add new user) or

-k (unlock user).

Boolean values are specified as YES, NO or DFT (default).

The value=-1 indicates that the value in the database is to be

removed, and the system default value used.

Options:

uid=value logonid's uid

bootpw=YES/NO boot authorization flag

audid=value audit id

audflg=value audit flag

mintm=value minimum days allowed between password changes

exptm=value password expiration time in days

lftm=value password lifetime in days

acctexp=value account expiration in calendar date format

llog=value maximum time allowed between logins in days

expwarn=value password expiration warning time in days

usrpick=YES/NO/DFT user allowed to pick passwords

nullpw=YES/NO/DFT null passwords allowed (NOT RECOMMENDED!)

maxpwln=value maximum password length allowed

rstrpw=YES/NO/DFT restricted passwords - checked for triviality

syspnpw=YES/NO/DFT system generates pronounceable passwords

syschpw=YES/NO/DFT system generates character only passwords

sysltpw=YES/NO/DFT system generates letter only passwords

admnum=value administrative number assigned

timeod=value time of day allowed for login

umaxlntr=value maximum number of unsuccessful logins allowed

alock=YES/NO/DFT administrative lock

The format of the timeod value is:

key0Starttime-Endtime,key1Starttime-Endtime,...

keynStarttime-Endtime

key has the value:

Mo - Monday Sa - Saturday

Tu - Tuesday Su - Sunday

We - Wednesday

Th - Thursday Any - all days

Fr - Friday Wk - Monday - Friday

Starttime and Endtime are hhmm 24 hour format times

where hh = 00 - 23, and mm = 00 - 59

-V Start password aging for all users by setting the last successful

login time to the curent time. No logonid or other arguments are

allowed.

-w Change the logonid's encrypted password. Not valid with any other

option.

Use: -w encrypted_password

-x Remove user's password and return an admin number the user must

logon with and pick a new password. Not valid with any other

option.

RETURN VALUES

0 success

1 user not privileged

2 incorrect use

3 protected database not found for logonid

4 can not change entry

NOTE. This is an undocumented command and not supported for direct use by

end users.

This documentation has been gathered from multiple sources, inferred or

developed empirically. No warranty is provided for its accuracy,

completeness or use.

---------------------------------------------------------------------------

modprdef (1M) modprdef (1M)

NAME

modprdef - modify default database

USAGE

/usr/lbin/modprdef -m option=value[,option=value]

modprdef updates the Default Database options with the values specified.

It is the users responsibility to validate all options and values before

execution.

Any fields not specified remain unchanged in the database.

OPTIONS

-m Modify option specified below. If an invalid option is provided

"invalid-opt" will be displayed and processing terminated.

Boolean values are specified as YES, NO.

Options:

bootpw=YES/NO boot authorization flag

mintm=value minimum days allowed between password changes

exptm=value password expiration time in days

lftm=value password lifetime in days

llog=value maximum time allowed between logins in days

expwarn=value password expiration warning time in days

usrpick=YES/NO user allowed to pick passwords

nullpw=YES/NO null passwords allowed (NOT RECOMMENDED!)

maxpwln=value maximum password length allowed

rstrpw=YES/NO restricted passwords - checked for triviality

syspnpw=YES/NO system generates pronounceable passwords

syschpw=YES/NO system generates character only passwords

sysltpw=YES/NO system generates letter only passwords

umaxlntr=value maximum number of unsuccessful logins allowed

tmaxlntr=value maximum number of consecutive unsuccessful

logins allowed per terminal

dlylntr=value time delay between unsuccessful login attempts

lntmout=value login timeout in seconds

RETURN VALUES

0 success

1 user not privileged

2 incorrect use

NOTE. This is an undocumented command and not supported for direct use by

end users.

This documentation has been gathered from multiple sources, inferred or

developed empirically. No warranty is provided for its accuracy,

completeness or use.

Re: modprpw documentation?

Tom Geudens — Wed, 11 Feb 2004 09:26:44 GMT

Hi,
Take a look at the following thread ...
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=99766

P.S. Found it by searching for "modprpw"
Regards,
Tom Geudens

Re: modprpw documentation?

Patrick Wallek — Wed, 11 Feb 2004 09:27:19 GMT

If you have an HP-UX 11i system the modpwpr, getprpw, etc. commands have their man pages included. Just do a 'man modprpw' from the command line.

Have a look in this manual online:
http://docs.hp.com/hpux/onlinedocs/B2355-90691/B2355-90691.html

Re: modprpw documentation?

okcunix — Wed, 11 Feb 2004 09:52:18 GMT

Thank you ALL for such rapid and in-depth responces. Your assistance is greatly appreciated. (I see some "light" now).

topic Re: modprpw documentation? in Operating System - HP-UX

modprpw documentation?

Re: modprpw documentation?

Re: modprpw documentation?

Re: modprpw documentation?

Re: modprpw documentation?