Showing results for 
Search instead for 
Did you mean: 

Re: /etc/default/security versus /var/adm/userdb

Go to solution
Super Advisor

/etc/default/security versus /var/adm/userdb

"security" is system wide while "userdb" will individually override "security". Can anyone give a good case for allowing the use of userdb, i.e., is it used for "roles"?



Super Advisor

Re: /etc/default/security versus /var/adm/userdb

You'd think, that with 20+ views, an answer would be forthcoming. Or is everyone just "cherry picking" Q&A postings?

Honored Contributor

Re: /etc/default/security versus /var/adm/userdb

Example 1:

You have an application that is being run on a particular user account. The application requires that the account must not be disabled, but nobody is supposed to directly login to that account. You have used sshd_config, PAM configuration and/or other means to prevent anybody from directly logging on as the application user.


There is a requirement that all users' passwords must expire in 90-day intervals. After implementing this system-wide using /etc/default/security, this requirement applies to the application user too. So now you have a time-bomb in your system: you must refresh the password on the application user account, even though you have blocked any possibility to actually login with that account. If you don't do this, the application stops working.


Solution: after a careful consideration and documentation of your precautions, use userdb to waive the 90-day password renewal requirement for the application user account only.


Example 2:

You have a standard policy that requires all users' passwords to expire in 90-day intervals, implemented in /etc/default/security.

Then the cranky old CIO says: "I don't want to deal with this. Make it so I don't have to."

Super Advisor

Re: /etc/default/security versus /var/adm/userdb

Thx. Just needed some outside confirmation. Unfortunately, management doesn't "trust" its own people; they need to see the answer coming from an impartial, external source to believe it.