HPE Community
Operating System - HP-UX
1753746 Members
5072 Online
108799 Solutions
New Discussion юеВ

Re: getprpw and SAM

 
Elena Leontieva
Esteemed Contributor

тАО04-30-2008 08:11 AM

тАО04-30-2008 08:11 AM

getprpw and SAM

Hi,

When I run
/usr/lbin/getprpw -l -r -m exptm enleonti
-1

I am getting -1 i.e this field does not exist in a database, but the SAM shows 90 days. Why the command does not work?
HP-UX 11.23 ia64

Thanks!

0 Kudos
Reply
5 REPLIES 5
Sameer_Nirmal
Honored Contributor

тАО04-30-2008 09:34 AM

тАО04-30-2008 09:34 AM

Re: getprpw and SAM

The getprpw command is intended for SAM use only. It's mentioned in the man page.

You can try to without "-m" option to see if it give you all the parameters values.
0 Kudos
Reply
Elena Leontieva
Esteemed Contributor

тАО04-30-2008 10:23 AM

тАО04-30-2008 10:23 AM

Re: getprpw and SAM

I see.. But the security audit wants me to run this command. Also, on the other server (HP-UX 11.11) I get the valid output.
0 Kudos
Reply
John McWilliams_1
Frequent Advisor

тАО04-30-2008 12:48 PM

тАО04-30-2008 12:48 PM

Re: getprpw and SAM

I had this same problem with a different parameter so I went into SAM, changed the value and confirmed the new value with getprpw. I then went back into SAM and changed it back to the one I wanted. I ran getprpw adain and it was then showing the correct value.

Cheers John
0 Kudos
Reply
David Child_1
Honored Contributor

тАО04-30-2008 01:19 PM

тАО04-30-2008 01:19 PM

Re: getprpw and SAM

Hello Elena,

Actually the '-1' means that your account is using the "default" value set for exptm. The default is kept in /tcb/files/auth/system/default. The field in this file is 'u_exp'.

u_exp is in seconds I believe so for example;

u_exp#7776000 = (((7776000 / 60)/60)/24) = 90 days.

As already mentioned, these tools are really only supported via SAM. We use them all the time in scripts, but it's unsupported.

David
0 Kudos
Reply
David Child_1
Honored Contributor

тАО04-30-2008 01:24 PM

тАО04-30-2008 01:24 PM

Re: getprpw and SAM

Sorry, forgot to mention that you can use 'man modprpw' for information on what parameters map to what database fields. Example;

exptm=value database u_exp=(value*86400).

Set password expiration time interval (days).
0 = expired. Same as non-trusted mode
maximum time.

It says here that u_exp=(value*86400). The value is your 'days'. So 90*86400=7776000. That's a bit easier to work with so just take your u_exp and divide by 86400 to get the number of days.

There is also additional information in the prpwd man page.

David
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.