Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Showing results for 
Search instead for 
Did you mean: 


Go to solution


Hi guys,

               Im configuring security parameters on some hpux v2 servers and as per the client request, they want to have dormant account disabled after some period of days and through my research i came across this command "usermod –f 10 username" but this command is usded on individual users but they want to configure it like they have on their Sun Solaris boxes where by a script is been writen on the system that will bind any user that is created on the system. So can i have a script in hpux that i can put in a file that will disable dormant account after some period of time without using this command on the individual users ??

Dennis Handly
Acclaimed Contributor


Is this system with default, enhanced or trusted security?


hio boss,

                 if i may understand you clearly there is one security configuration that require me changing the system into trusted mode which i deed so curently the system is in a trusted mode.hope ive given you the information you need.

Honored Contributor


In trusted mode, global default values for account aging parameters are stored in /tcb/files/auth/system/default.

The easiest way to modify the defaults would be to use SAM (Auditing and Security -> System Security Policies -> General User Account Policies -> Lock Inactive Accounts), but you also could use the /usr/lbin/modprdef command:

/usr/lbin/modprdef -m llog=10

 See also: "man prpwd", "man security", "man modprpw", "man getprpw".


In trusted mode, each user can optionally have custom settings that override the system-wide defaults. Only root (or some user authorized to use Restricted SAM, or a RBAC-privileged user if you use RBAC) can configure those custom settings. For example, if the CEO (account: bigboss) requires a different aging time value, you could run:

/usr/lbin/modprpw -m llog=20 bigboss

Setting any modprpw attribute to "-1" means "use the system-wide defaults for this user".