HPE Community
Operating System - HP-UX
1753747 Members
5106 Online
108799 Solutions
New Discussion юеВ

Semi-Global Password Expiration

 
SOLVED
Go to solution
Brian Atkins
Advisor

тАО11-07-2000 12:24 PM

тАО11-07-2000 12:24 PM

Semi-Global Password Expiration

I have a new system with approximately 750 users. Nearly all of the user accounts were imported from the legacy system and I would like to expire all of the imported users passwords without affecting the root, SA and developer accounts.
I could not locate anything in SAM except a global expiration, which would affect everyone.
0 Kudos
Reply
5 REPLIES 5
Rick Garland
Honored Contributor

тАО11-07-2000 12:30 PM

тАО11-07-2000 12:30 PM

Re: Semi-Global Password Expiration

You could write a script that will parse the /etc/passwd file (say, by UID) and then put a '*' in the passwd field of the acct record.

If any modifications are going to take place, first and foremost, make a copy of the passwd file so as to have the original handy.
0 Kudos
Reply
Kofi ARTHIABAH
Honored Contributor

тАО11-07-2000 12:33 PM

тАО11-07-2000 12:33 PM

Solution

Re: Semi-Global Password Expiration

You could write a script that would expire passwords for specific users:

for user in `cat /tmp/userlist`
do
passwd -f $user #force users to change pw
done

where /tmp/userlist will contain the list of users whose passwords you want to expire. An easy way to generate /tmp/userlist is:

cat /etc/passwd | awk -F: '{ print $1 }'

then go in and remove the accounts (eg root sysadmin etc. that you do not want in the list)

if it is easier, you could maintain an exception list and re-write the script accordingly.
nothing wrong with me that a few lines of code cannot fix!
Reply
Brian Atkins
Advisor

тАО11-07-2000 12:34 PM

тАО11-07-2000 12:34 PM

Re: Semi-Global Password Expiration

We are operating on a Trusted System, so '*' is already in the password column.
0 Kudos
Reply
Brian Atkins
Advisor

тАО11-07-2000 12:41 PM

тАО11-07-2000 12:41 PM

Re: Semi-Global Password Expiration

The AWK idea work great. Thanks!
0 Kudos
Reply
Rick Garland
Honored Contributor

тАО11-07-2000 12:43 PM

тАО11-07-2000 12:43 PM

Re: Semi-Global Password Expiration

Then do the passwd -f command.

This will expire the acct and force a change at next login.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.