Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

OSF1 V4.0 Password Expiry

David Ovington
Occasional Visitor

OSF1 V4.0 Password Expiry

Hi,

I have a system with BASE security enabled, how do passwords expire on this level ?
All the documentation suggests that this is only a feature with ENHANCED security enabled.
But I have a user on BASE whose passwords expire, I need to handle this in a 'C' daemon process I have written.

Many Thanks.
7 REPLIES
Paul_504
Frequent Advisor

Re: OSF1 V4.0 Password Expiry

Hi David

Firstly, has the system ever had Enhanced Security enabled on it? Was it built and let be at default Base Security?

See, with Enhanced security, the system takes scalar values and adds these to certain events, like logins, password changes etc. It compares the present value with the last recorded value, and if these values exceed the default limit given, it takes the action of either locking or disabling the account. Enhanced security works on databases, which Base security doesn't. Base security uses only the passwd file for authentication, and the group file for authorization.

If the system had run Enhanced security before, and it is now disabled, these values don't take effect though until a reboot is done, and thus a password can still be locked.

Have you tried just changing the user's password, and having them reset it again?
David Ovington
Occasional Visitor

Re: OSF1 V4.0 Password Expiry

Hi Paul,

thanks for the reply,

the system has always run in BASE mode, it is ongoing that passwords timeout and users just change them as requested. This has only now become an issue as we are now authentication the logins through our daemon (using crypt() etc).

As the documentation shows no sign of any expiry options in BASE mode I am now wondering if someone has implemented a manual method via /etc/profile, so will head down these lines for now....
Paul_504
Frequent Advisor

Re: OSF1 V4.0 Password Expiry

Hi David

If you find out, please let me know as I'd like to know what could have caused this as I've never before encountered it.

I'm unfamiliar with the (crypt()) function, but have been wondering whether you've considered ssh as a standard for authentication. If you have or haven't, or would like to know where to get the subset from, let me know. I'll happily assist where I can.

Good luck with the password problem.
Johan Brusche
Honored Contributor

Re: OSF1 V4.0 Password Expiry


Is the user section of your passwd file local, or maybe it uses NIS and the NIS master is using an expiry mechanism.

Johan.

_JB_
David Ovington
Occasional Visitor

Re: OSF1 V4.0 Password Expiry

Hi folks,

turns out it WAS being handled manually in .profile, a file was being 'touch'ed with the same name as the login id whenever a password was changed, on subsequent logins the date of this file was being checked to see if it was over 80 days old. If this was the case 'passwd' was automatically being run and upon exit status '0' the loginid file was re'touch'ed with the current date.

Sorry to send anyone up a blind alley !

Thanks.
Mark_399
Occasional Advisor

Re: OSF1 V4.0 Password Expiry

It's not very effective forcing users to reset their passwords on Tru64 base, as they can just reset it to the same password again...
: )
Paul_504
Frequent Advisor

Re: OSF1 V4.0 Password Expiry

Hi David

We've tried to refine our environment to as secure as possible, among which we've enabled Enhanced Security with ssh authentication and login. If you'd like to consider this option some time, let me know and I'll help you every step of the way.

Regards