- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- password on hpux 11i
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 03:16 PM
тАО08-09-2005 03:16 PM
Thanks,
Shiv
Solved! Go to Solution.
- Tags:
- Password
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 03:37 PM
тАО08-09-2005 03:37 PM
Re: password on hpux 11i
trusted or non-trusted system?
regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 03:45 PM
тАО08-09-2005 03:45 PM
Re: password on hpux 11i
In a trusted system password expiry can be found out from sam
sam...auditing and security...system security policy...password aging policy...password expiration time
Regards
CS
- Tags:
- SAM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 03:48 PM
тАО08-09-2005 03:48 PM
SolutionDid you create user with Password Option : Enable Password Aging?If so you can see it through sam->account for users and groups --> users :
To set up password aging policies using SAM:
1.Highlight System Securities Policies.
2.Highlight Password Aging Policies. The Password Aging Policies screen is displayed.
3.Set Password Aging to Enabled. The Enable Password Aging screen is displayed.
4.Select appropriate options by using the arrow keys to highlight them and typing appropriate options.
5.Set the Time Between Password Changes (in days). This sets the minimum time a user must have a password to prevent users from changing their passwords and then changing it back again to the old one.
6.Specify the Password Expiration Time (in days). The expiration time of a password specifies a time after which a user must change the password.
7.Indicate the Password Warning Time (in days). This is when to start sending warning messages to the user that they will need to change their password soon.
8.Specify the Password Lifetime (in days). The lifetime specifies the time at which the account associated with that password is locked. Once locked, the password must be changed before the person can log in.
9.Select OK to accept these values.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 03:56 PM
тАО08-09-2005 03:56 PM
Re: password on hpux 11i
USER=someusername
exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )
((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / 86400))
there is a way to do this on non-trusted systems but I can not find the script to do it. But basically last 3 characters of encrypted password is ,XX where XX is two ascii characters and their ascii value with some calculation that I can not remember, equals to the last password change. Then you have to make a date calculation with Clay's caljd.sh script. It is late in the evening and my brain quit working.
Hope this much helps.
UNIX because I majored in cryptology...
- Tags:
- trusted mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 04:09 PM
тАО08-09-2005 04:09 PM
Re: password on hpux 11i
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000080092170
regards.
- Tags:
- broken URL link
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 04:10 PM
тАО08-09-2005 04:10 PM
Re: password on hpux 11i
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000067130219
regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 07:27 PM
тАО08-09-2005 07:27 PM
Re: password on hpux 11i
Documents provided by Joseph give reasonably good explaination on password expiry for trusted and non-trusted systems.
On trusted systems, you can setup password aging through SAM
Regards
Mahesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-09-2005 08:19 PM
тАО08-09-2005 08:19 PM
Re: password on hpux 11i
it depends on trusted or non_trusted as Joseph's description and links...
on the other hand,Few months ago i have asked
Q about password consept as the link below
and got very important information;
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=854273
Now,My passwd policies is working properly
Also i do not remember the author of the script which i got below gives very useful
information about my users passwd policy;
#!/usr/bin/sh
# Show users in a trusted system whose passwords are about to expire
# Reset the u_succhg (spwchg) last successful password change time
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
integer exp_time
integer exp_date
integer current_time
integer last_change
integer time_left
integer days_left
integer seconds_per_day=86400
integer system_wide_aging
integer user_aging
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi
if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi
system_wide_aging=$(/usr/lbin/getprdef -r -m exptm)
if [ $system_wide_aging -eq 0 ]
then
print "System wide password aging is disabled.\n"
else
print "System wide password aging is enabled.\n"
fi
for USER in $(listusers | awk '{print $1}')
do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi
U=$(echo $USER|cut -c 1)
exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(/opt/perl/bin/perl -e "print time")
passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi
last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )
((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))
last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb | cut -c 3-13)
if [ $days_left -gt 1 ]
then
print "\nUser $USER has $days_left days left until password expires"
print "User $USER last changed the password on: $last_change_date."
print "User $USER - password will expire on: $expire_date."
else
print "\nUser $USER: password will expire within one day."
# modprpw -l -v $USER
fi
done
exit 0
Good Luck,