HPE Community
Operating System - Tru64 Unix
1752755 Members
5017 Online
108789 Solutions
New Discussion юеВ

OSF1 V4.0 Password Expiry

 
David Ovington
New Member

тАО11-22-2004 10:37 PM

тАО11-22-2004 10:37 PM

OSF1 V4.0 Password Expiry

Hi,

I have a system with BASE security enabled, how do passwords expire on this level ?
All the documentation suggests that this is only a feature with ENHANCED security enabled.
But I have a user on BASE whose passwords expire, I need to handle this in a 'C' daemon process I have written.

Many Thanks.
0 Kudos
7 REPLIES 7
Paul_504
Frequent Advisor

тАО11-23-2004 12:21 AM

тАО11-23-2004 12:21 AM

Re: OSF1 V4.0 Password Expiry

Hi David

Firstly, has the system ever had Enhanced Security enabled on it? Was it built and let be at default Base Security?

See, with Enhanced security, the system takes scalar values and adds these to certain events, like logins, password changes etc. It compares the present value with the last recorded value, and if these values exceed the default limit given, it takes the action of either locking or disabling the account. Enhanced security works on databases, which Base security doesn't. Base security uses only the passwd file for authentication, and the group file for authorization.

If the system had run Enhanced security before, and it is now disabled, these values don't take effect though until a reboot is done, and thus a password can still be locked.

Have you tried just changing the user's password, and having them reset it again?
0 Kudos
David Ovington
New Member

тАО11-23-2004 01:29 AM

тАО11-23-2004 01:29 AM

Re: OSF1 V4.0 Password Expiry

Hi Paul,

thanks for the reply,

the system has always run in BASE mode, it is ongoing that passwords timeout and users just change them as requested. This has only now become an issue as we are now authentication the logins through our daemon (using crypt() etc).

As the documentation shows no sign of any expiry options in BASE mode I am now wondering if someone has implemented a manual method via /etc/profile, so will head down these lines for now....
0 Kudos
Paul_504
Frequent Advisor

тАО11-23-2004 01:53 AM

тАО11-23-2004 01:53 AM

Re: OSF1 V4.0 Password Expiry

Hi David

If you find out, please let me know as I'd like to know what could have caused this as I've never before encountered it.

I'm unfamiliar with the (crypt()) function, but have been wondering whether you've considered ssh as a standard for authentication. If you have or haven't, or would like to know where to get the subset from, let me know. I'll happily assist where I can.

Good luck with the password problem.
0 Kudos
Johan Brusche
Honored Contributor

тАО11-23-2004 01:58 AM

тАО11-23-2004 01:58 AM

Re: OSF1 V4.0 Password Expiry


Is the user section of your passwd file local, or maybe it uses NIS and the NIS master is using an expiry mechanism.

Johan.

_JB_
0 Kudos
David Ovington
New Member

тАО11-23-2004 02:03 AM

тАО11-23-2004 02:03 AM

Re: OSF1 V4.0 Password Expiry

Hi folks,

turns out it WAS being handled manually in .profile, a file was being 'touch'ed with the same name as the login id whenever a password was changed, on subsequent logins the date of this file was being checked to see if it was over 80 days old. If this was the case 'passwd' was automatically being run and upon exit status '0' the loginid file was re'touch'ed with the current date.

Sorry to send anyone up a blind alley !

Thanks.
0 Kudos
Mark_399
Occasional Advisor

тАО11-23-2004 08:41 AM

тАО11-23-2004 08:41 AM

Re: OSF1 V4.0 Password Expiry

It's not very effective forcing users to reset their passwords on Tru64 base, as they can just reset it to the same password again...
: )
0 Kudos
Paul_504
Frequent Advisor

тАО11-23-2004 06:24 PM

тАО11-23-2004 06:24 PM

Re: OSF1 V4.0 Password Expiry

Hi David

We've tried to refine our environment to as secure as possible, among which we've enabled Enhanced Security with ssh authentication and login. If you'd like to consider this option some time, let me know and I'll help you every step of the way.

Regards
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.