Security
cancel
Showing results for 
Search instead for 
Did you mean: 

how to check locked user ids in 4.0 and 5.1 Version of tru64 ?

gabbi007in
Occasional Contributor

how to check locked user ids in 4.0 and 5.1 Version of tru64 ?

Can u pls tell me that how can i check the user ids which are locked in the systems ?
2 REPLIES
Ivan Ferreira
Honored Contributor

Re: how to check locked user ids in 4.0 and 5.1 Version of tru64 ?

Check your /etc/passwd file, you will see a Nologin in the password field:

uucp:Nologin:4:2:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico


Also use edauth -g username:

edauth -g gpguser
gpguser:u_name=gpguser:u_id#209:u_pwd=QOAlL90xpIpfw:u_succhg#1122982332:\
:u_pwchanger=root:u_pwdict=^B:u_oldcrypt#0:u_retired:\
:u_lock@:chkent:

See the u_lock field, if the field has the "@" symbol, the account is NOT locked.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Martin Moore
HPE Pro

Re: how to check locked user ids in 4.0 and 5.1 Version of tru64 ?

We need to be a little careful about terminology here. People often talk about an account being "locked" when they really mean "disabled". "locked" has a specific, narrow meaning: the account has been administratively locked by the superuser. As Ivan pointed out, you can determine whether an account has been locked in this way by the presence of "u_lock" (without the "@" negation operator) in the edauth output for that user.

A "disabled" account is one in which the system is not allowing the user to log in, returning the message "Account is disabled". A locked account is disabled, but a disabled account is not necessarily locked. There are a total of five possible causes for a disabled account:

1. The account is administratively locked.

2. The user is on vacation, as defined by the "u_vacation" field in the protected password entry. I have yet to see anyone use this feature.

3. The user's password has exceeded the allowable password lifetime (hasn't been changed in seconds).

4. Too much time has passed since the user last logged in (more than seconds). Note that (3) and (4) often go hand-in-hand -- if you haven't logged in for a very long time, you probably haven't changed your password.

5. The user has too many login failures since the last successful login (u_numunsuclog is greater than or equal to u_maxtries).

Hope this helps.
Martin
I work for HP
A quick resolution to technical issues for your HP Enterprise products is just a click away HP Support Center Knowledge-base
See Self Help Post for more details