- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- which file holds passwd expiry default info for ne...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:34 PM
тАО09-26-2007 11:34 PM
Security auditors want to see details of the file that sets the default password ageing when adding new users. I can create a template for SAM to use, which includes 52 weeks before expiry, for new users created - but - I cant then find a file on the system that reflects this.
Any ideas please gurus?
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:41 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:46 PM
тАО09-26-2007 11:46 PM
Re: which file holds passwd expiry default info for new user accounts?
I couldn't see anything in the sam log to suggest which file it was - it only seems to record the fact that I've changed it.
Regards,
"Jim"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:47 PM
тАО09-26-2007 11:47 PM
Re: which file holds passwd expiry default info for new user accounts?
file is /etc/default/security
man security
u need to create/edit the file(see below)
The passwd -x option can be used to override this value
for a specific user.
PASSWORD_MAXDAYS=N A new password is valid for up to
N days, after which the password must be changed.
Default value: PASSWORD_MAXDAYS=-1 password aging is
turned off.
PASSWORD_MINDAYS
If the ShadowPassword bundle is installed, this
parameter controls the default minimum number of days
before a password can be changed. This parameter
applies only to local users and does not apply to
trusted systems. The passwd -n option can be used to
override this value for a specific user.
PASSWORD_MINDAYS=N A new password cannot be changed
until at least N days since it was last changed.
Default value: PASSWORD_MINDAYS=0
PASSWORD_WARNDAYS
If the ShadowPassword bundle is installed, this
parameter controls the default number of days before
password expiration that a user is to be warned that
the password must be changed. This parameter applies
only to local users on Shadow Password systems. The
passwd -w option can be used to override this value for
a specific user.
PASSWORD_WARNDAYS=N Users are warned N days before
their password expires.
Default value: PASSWORD_WARNDAYS=0 (no warning)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:51 PM
тАО09-26-2007 11:51 PM
Re: which file holds passwd expiry default info for new user accounts?
In the /etc/passwd file.
Have a look at this doc.
Title: How does password aging on non-trusted systems work?
Document ID: emr_na-c00904837-4
Last Modified Date: Fri Mar 23 06:00:00 CET 2007
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c00904837-4
Regards,
Robert-Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 11:56 PM
тАО09-26-2007 11:56 PM
Re: which file holds passwd expiry default info for new user accounts?
Part of the issue I think is that, having applied a profile to creating new users, and having created one, I can see in the /etc/passwd file that it now has the extra few characters to indicate password ageing is active - but - even though I have an /etc/default/security file, no entry has been added to it to indicate password expiry settings (if this makes sense to any of you).
I'll go and try removing the SAM template for password expiry, adding the suggested variable to the security file, then creating a test user again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2007 12:13 AM
тАО09-27-2007 12:13 AM
Re: which file holds passwd expiry default info for new user accounts?
The sam log does record my creating a new profile (which includes passwd expiry setting), but (shame!) doesn't actually tell me where it hides this information.
Hey-ho!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2007 12:16 AM
тАО09-27-2007 12:16 AM
Re: which file holds passwd expiry default info for new user accounts?
Entering Task Manager with task UG_ADD_TEMPLATE.
@!@2@1190894716@0
Performing task "Add New User Template".
@!@1@1190894716@0
Saving user templates to disk.
@!@8@1190894716@0
Entering Task Manager with task UG_SAVE_TEMPLATES.
@!@2@1190894716@0
Performing task "Save User Templates".
@!@8@1190894716@0
Exiting Task Manager with task UG_SAVE_TEMPLATES.
@!@1@1190894716@0
Successfully saved user templates to disk.
@!@8@1190894716@0
Exiting Task Manager with task UG_ADD_TEMPLATE.
@!@1@1190894716@0
Successfully added new user template "paul".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2007 12:33 AM
тАО09-27-2007 12:33 AM
Re: which file holds passwd expiry default info for new user accounts?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2007 12:43 AM
тАО09-27-2007 12:43 AM