HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
Showing results for 
Search instead for 
Did you mean: 

11.11 Pass aging defaults not in /etc/default/security


11.11 Pass aging defaults not in /etc/default/security

Hello all;

I am running a non trusted system that can not be converted to trusted. I know about the /etc/default/security file but there are no password aging options available in there.

reading the man for passwd I notice there is -s to display all the aging options and -n -w -x to set min warn max. I know that these are kept in the last two fields in the encrypted password. So there has to be a default file somewhere that has these standard values configured in them?? somewhere?? maybe??

So my question is: where is the file that sets the default configuration for password aging on a non trusted systems??

In 11.23 or 11iv2 these password aging settings are moved to the security file but in 11.11 I noticed that only settings related to password security are used in the security file for 11.11..

any help would be appreciated.

James R. Ferguson
Acclaimed Contributor

Re: 11.11 Pass aging defaults not in /etc/default/security

Hi Shane;

You can convert to a shadow password file on 11.11, too by adding:



Esteemed Contributor

Re: 11.11 Pass aging defaults not in /etc/default/security

For non trusted system, the info is kept in file /etc/shadow. You can cat the file and see all the info in it. (for root only)

Re: 11.11 Pass aging defaults not in /etc/default/security

ok Yes I have heard of using a shadow file. But my question still remains. Where does the shadow file or password file get the password aging default values?? I need to modify password aging and I would not want to do it on a user by user basis.

I am looking to modify the min max and warn aging entries. I do see that the man page for passwd says warn is only available for trusted. However doing a passwd -s -a I can see how the password aging defaults are set. but what file keeps the defaults??
Occasional Visitor

Re: 11.11 Pass aging defaults not in /etc/default/security

can you check the /etc/default/security file
Esteemed Contributor

Re: 11.11 Pass aging defaults not in /etc/default/security

I think non trusted server there is no default aging dates for users. Not in /etc/security either. It is all blank and you need to set them up manually by passwd command when the user is created.
James R. Ferguson
Acclaimed Contributor

Re: 11.11 Pass aging defaults not in /etc/default/security


In the legacy '/etc/passwd' file, aging can be defined when the encrypted password is followed by a comma and a non-null string of characters.

See the manpages for 'passwd(4)'.


Steven E. Protter
Exalted Contributor

Re: 11.11 Pass aging defaults not in /etc/default/security


Aging defaults can be set a number of ways.

The default is 63 days, if memory serves me correctly.

You can set the system default on a non-trusted system with the sam utility.

You can change users individually this way as well.

You can also use the passwd command to set user expiration policy user by user with a shell script.

In a non-trusted system, as stated above, the password is stored, encrypted in /etc/passwd

See this file for what you should expect with the /etc/default/security file and what you can do.

Steven E Protter
Owner of ISN Corporation
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com