- Re: Going trusted - what accounts will expire?
07-13-2006 05:23 AM
I have an 11.00 test system, but it only has a few accounts on it. Going trusted does not expire all accounts... but it does some. How can I determine which accounts will expire and which will not? My production system has over 1,500 accounts.
I searched and found several threads similar to this, but none could define /exactly/ which accounts will be forced to change their passwords, and which will not. What's the algorithm?
Just some more data - currently, I enter trusted mode via SAM. It does not prompt me to expire all passwords as part of this process, it just says "Ok" when it's done. When the process is complete, Password Aging remains disabled. On the SAM -> Password Aging Policies screen I have the option of enabling aging as well as Expiring All passwords. I will definitely be enabling password aging. I think I'd like to skip expiring all passwords, if I can.
Thanks in advance.
07-13-2006 05:26 AM
Re: Going trusted - what accounts will expire?
Pete
07-13-2006 05:27 AM
Re: Going trusted - what accounts will expire?
There is a report on passwords, passwd -sa, that can give you an idea of the status of passwords.
The default is 90 days. Any account that has not had a password change during that period risks being expired.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
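An added example, not part of the post above and not HP's own logic: a filter that applies the 90-day rule of thumb from that post to a saved password status report before conversion. The report layout (name status mm/dd/yy min max, or name status alone when no aging data exists), the PS/LK/NP status codes, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed report layout, one account per line:
#   name status mm/dd/yy min max    (aging data present)
#   name status                     (no aging data)
# with status PS = passworded, LK = locked, NP = no password.

# stale_accounts REF_DATE MAX_DAYS: read report lines on stdin and print
# "name age_in_days" for PS accounts last changed more than MAX_DAYS before
# REF_DATE (mm/dd/yy), and "name unknown" for PS accounts with no date.
stale_accounts() {
    awk -v ref="$1" -v maxage="$2" '
    # Julian day number of a Gregorian date; only differences are used.
    function jdn(y, m, d,    a, yy, mm, n) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        n = d + int((153 * mm + 2) / 5) + 365 * yy
        return n + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }
    # Parse mm/dd/yy; two-digit years below 70 are read as 20yy (assumption).
    function parse(s,    p, y) {
        if (split(s, p, "/") != 3) return -1
        y = p[3] + 0
        y += (y < 70) ? 2000 : 1900
        return jdn(y, p[1] + 0, p[2] + 0)
    }
    BEGIN { today = parse(ref) }
    $2 != "PS" { next }                    # skip locked and no-password entries
    NF < 3 { print $1, "unknown"; next }   # passworded, but no change date
    {
        age = today - parse($3)
        if (age > maxage) print $1, age
    }'
}

# Constructed sample report (not real output from any system).
sample_report() {
    cat <<'EOF'
alice PS 01/10/06 0 90
bob PS 06/20/06 0 90
carol LK 02/01/05 0 90
dave PS
erin NP
EOF
}

# Review the sample as of 07/13/06 against a 90-day maximum age.
sample_report | stale_accounts 07/13/06 90
```

Accounts reported as "unknown" have no recorded change date, so they need a manual look rather than being assumed safe.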
07-13-2006 05:27 AM
Re: Going trusted - what accounts will expire?
It is my understanding that using SAM to do the conversion is not supposed to expire all passwords. Are you saying that you have experience to the contrary?
Pete
07-13-2006 05:34 AM
Re: Going trusted - what accounts will expire?
test1 was forced to change their password on next login.
test2 was set to expire in 1 day/week (passwd -x 1 test2)
test3 was locked.
After the trusted conversion via SAM, none of the test accounts were expired (well, test3 couldn't log in, obviously). However, my personal system account was.
Now - I don't recall if I had set password expiry on my account. However, after the trusted conversion, system-wide password expiry was disabled, anyway. I don't understand why my personal account expired.
07-13-2006 12:21 PM
Re: Going trusted - what accounts will expire?
tsconvert -c
/usr/lbin/modprpw -V
This will convert the system and then refresh the expiration date for every login.
Bill Hassell, sysadmin
07-14-2006 04:53 AM
Solution
Regarding why the conversion can expire passwords, the reason is that the password complexity rules can differ between standard mode and trusted mode. Since it is not possible to decrypt UNIX passwords in any practical way, the only way to be sure that the new complexity rules are followed soon after the conversion is to force everyone to change their passwords, at which time the new passwords can be tested for compliance with the newly configured complexity rules.
07-14-2006 06:59 AM