- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Password Expiry Period
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-24-2019 08:36 AM
тАО07-24-2019 08:36 AM
Password Expiry Period
We are running trusted HPUX servers and we need to set password expiry for user accounts to 60 days and for application accounts to 365 days.
I would like to set one of these globally and then the other one manually per account. I guess as there are more user accounts than application accounts this might be easier to have the 60 days for them as default which is then overwritten by the 365 days for application accounts.
Can this be done and how? HP11-31 is the operating system.
Many thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-24-2019 11:16 PM
тАО07-24-2019 11:16 PM
Re: Password Expiry Period
There are a number of non-user and non-app logins that are part of HP-UX. So changing every entry in /etc/passwd may create some problems later on. You'll need to setup a list of user IDs (users and apps) that need changing and then script the expiration values accordingly. You don't want user IDs such as bin, sys, adm, lp, cimsvr, etc to expire.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-25-2019 08:49 AM
тАО07-25-2019 08:49 AM
Re: Password Expiry Period
Hi,
These variables are in /etc/default/security:
# PASSWORD_MAXDAYS=175
# PASSWORD_MINDAYS=14
If these are set is it possible to overide them on an individual user account basis?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2019 05:16 AM
тАО07-26-2019 05:16 AM
Re: Password Expiry Period
Hi Mark,
Good Day. Here is my response.
We are running trusted HPUX servers and we need to set password expiry for user accounts
to 60 days and for application accounts to 365 days.
I would like to set one of these globally and then the other one manually per account.
I guess as there are more user accounts than application accounts this might be easier
to have the 60 days for them as default which is then overwritten by the 365 days for
application accounts.
Can this be done and how? HP11-31 is the operating system.
Ans: Your requirement is almost similar to https://community.hpe.com/t5/Security/How-to-set-Password-expiration-date-on-HP-UX/td-p/4283282#.XTrZwfIzbX4
##As per your statement, the node is in "trusted".
## So. modifying the following parameter is only applicable for non-trusted.
/etc/default/security:
# PASSWORD_MAXDAYS=175
# PASSWORD_MINDAYS=14
Refer "man" page of "modprpw" - https://nixdoc.net/man-pages/HP-UX/man1m/modprpw.1m.html
modprpw flag database equivalent
============== ====================
mintm=value u_minchg
exptm=value u_exp).
lftm=value u_life.
expwarn=value u_pw_expire_warning
umaxlntr=value u_maxtries
u_minchg This field specifies the minimum password change
time in seconds. If non-zero, the password cannot be
changed until the specified number of seconds since the
last successful password change have passed unless the
person changing the password is authorized to
override this constraint.
u_exp This field is a time_t value that specifies when the
account password will expire. When a password expires,
system authentication programs will request that the
password be changed when the user logs into the system.
If the password lifetime expires before the password is
changed, the account will be locked.
u_life This field is a time_t value that specifies the
lifetime of a password. If this time is reached, the
account will be locked and can only be unlocked by an
authorized system administrator.
u_pw_expire_warning
This value, in seconds, is the time at which a warning
will appear prior to the expiration of the users
password.
u_maxtries This field specifies the maximum number of consecutive
unsuccessful login attempts to the account that are
permitted until the account is locked.
## You can use the following command to show what system wide defaults are in place:
# /usr/lbin/getprdef -p
## Refer https://community.hpe.com/t5/Security/difference-between-getprpw-and-getprdef/td-p/6988282#.XTraxPIzbX4 to know
the difference between getprpw and getprdef.
Hope this helps.
Thanks & Regards,
Manjunath Navada
HPE