Re: 11.11 Pass aging defaults not in /etc/default/security

Shane A. Miller · ‎03-30-2010

Hello all;

I am running a non trusted system that can not be converted to trusted. I know about the /etc/default/security file but there are no password aging options available in there.

reading the man for passwd I notice there is -s to display all the aging options and -n -w -x to set min warn max. I know that these are kept in the last two fields in the encrypted password. So there has to be a default file somewhere that has these standard values configured in them?? somewhere?? maybe??

So my question is: where is the file that sets the default configuration for password aging on a non trusted systems??

In 11.23 or 11iv2 these password aging settings are moved to the security file but in 11.11 I noticed that only settings related to password security are used in the security file for 11.11..

any help would be appreciated.

Shane

James R. Ferguson · ‎03-30-2010

Hi Shane;

You can convert to a shadow password file on 11.11, too by adding:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

Regards!

...JRF...

Tingli · ‎03-30-2010

For non trusted system, the info is kept in file /etc/shadow. You can cat the file and see all the info in it. (for root only)

Shane A. Miller · ‎03-30-2010

ok Yes I have heard of using a shadow file. But my question still remains. Where does the shadow file or password file get the password aging default values?? I need to modify password aging and I would not want to do it on a user by user basis.

I am looking to modify the min max and warn aging entries. I do see that the man page for passwd says warn is only available for trusted. However doing a passwd -s -a I can see how the password aging defaults are set. but what file keeps the defaults??

jayeshkumar · ‎03-30-2010

can you check the /etc/default/security file

Tingli · ‎03-30-2010

I think non trusted server there is no default aging dates for users. Not in /etc/security either. It is all blank and you need to set them up manually by passwd command when the user is created.

James R. Ferguson · ‎03-30-2010

Hi:

In the legacy '/etc/passwd' file, aging can be defined when the encrypted password is followed by a comma and a non-null string of characters.

See the manpages for 'passwd(4)'.

Regards!

...JRF...

Steven E. Protter · ‎03-30-2010

Shalom,

Aging defaults can be set a number of ways.

The default is 63 days, if memory serves me correctly.

You can set the system default on a non-trusted system with the sam utility.

You can change users individually this way as well.

You can also use the passwd command to set user expiration policy user by user with a shell script.

In a non-trusted system, as stated above, the password is stored, encrypted in /etc/passwd

See this file for what you should expect with the /etc/default/security file and what you can do.
http://docs.hp.com/en/B3920-90091/ch11s03.html

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: 11.11 Pass aging defaults not in /etc/default/security

11.11 Pass aging defaults not in /etc/default/security