Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

Command to check user locked

SOLVED
Go to solution
SANJAY MUNDHRA
Regular Advisor

Command to check user locked

Hello,

Is there any command to check user's locked, am nt able to use dxaccounts due to security restrcitions.

Thanks in advance.

Cheers,
Sanjay
4 REPLIES
Venkatesh BL
Honored Contributor
Solution

Re: Command to check user locked

I think the 'password' field in the passwd file [command: vipw] will contain either a "*" or "Nologin" for such users. Please check.
Rob Leadbeater
Honored Contributor

Re: Command to check user locked

Hi,

If you're using Enhanced Security, then you should be able to use edauth to look for the u_lock attribute for the user.

http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN8/0142____.HTM

Hope this helps,

Regards,

Rob
Martin Moore
HPE Pro

Re: Command to check user locked

Let me also point out that in Enhanced Security, there is a difference between "locked" and "disabled". "Locked" means that the administrator has explicitly locked out the account, and this is indicated by the presence of the u_lock field (without a trailing "@" character) in the edauth output for that user.

"Disabled" means that the system won't let a user log in; they get the message "Account is disabled, see account administrator" or similar. An administrative lock is only one of several possible causes for an account to be disabled. Other causes include too many consecutive login failures, too long since the last login, password lifetime exceeded, and the user being marked as on vacation in the authentication database. (Does anyone actually use the vacation feature?)

To determine which of these is the problem, it's necessary to see the edauth output. If you're running Enhanced Security, you can post the output of "edauth -g username" here. (If you're worried about sharing encrypted passwords, you can X out the u_pwd and u_pwdict fields.)

Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details

SANJAY MUNDHRA
Regular Advisor

Re: Command to check user locked

Dear Ventakesh, Rob and Martin,

Thanks for the response, the system was suing C2 so the edauth commands helped a lot.

Wishing you all a Properous and Joyous 2009

Cheers,
Sanjay