topic Re: Semi-Global Password Expiration in Operating System - HP-UX

Semi-Global Password Expiration

Brian Atkins — Tue, 07 Nov 2000 20:24:27 GMT

I have a new system with approximately 750 users. Nearly all of the user accounts were imported from the legacy system and I would like to expire all of the imported users passwords without affecting the root, SA and developer accounts.
I could not locate anything in SAM except a global expiration, which would affect everyone.

Re: Semi-Global Password Expiration

Rick Garland — Tue, 07 Nov 2000 20:30:00 GMT

You could write a script that will parse the /etc/passwd file (say, by UID) and then put a '*' in the passwd field of the acct record.

If any modifications are going to take place, first and foremost, make a copy of the passwd file so as to have the original handy.

Re: Semi-Global Password Expiration

Kofi ARTHIABAH — Tue, 07 Nov 2000 20:33:41 GMT

You could write a script that would expire passwords for specific users:

for user in `cat /tmp/userlist`
do
passwd -f $user #force users to change pw
done

where /tmp/userlist will contain the list of users whose passwords you want to expire. An easy way to generate /tmp/userlist is:

cat /etc/passwd | awk -F: '{ print $1 }'

then go in and remove the accounts (eg root sysadmin etc. that you do not want in the list)

if it is easier, you could maintain an exception list and re-write the script accordingly.

Re: Semi-Global Password Expiration

Brian Atkins — Tue, 07 Nov 2000 20:34:04 GMT

We are operating on a Trusted System, so '*' is already in the password column.

Re: Semi-Global Password Expiration

Brian Atkins — Tue, 07 Nov 2000 20:41:10 GMT

The AWK idea work great. Thanks!

Re: Semi-Global Password Expiration

Rick Garland — Tue, 07 Nov 2000 20:43:34 GMT

Then do the passwd -f command.

This will expire the acct and force a change at next login.