System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Disabling password aging - HPUX 11.31

PatRoy
Regular Advisor

Disabling password aging - HPUX 11.31

Hi.

Running HPUX 11.31... in UNtrusted mode.

I'm trying to disable password aging for one particular user. If I try setting PASSWORD_MAXDAYS in SMH to -1, like it says to disable it (i.e. -1...441 Maximum number of days that a password is valid (-1=Disable aging), I keep getting the following error:

The user value for PASSWORD_MAXDAYS is out of range.

If I try with userdbset:

userdbset -u username PASSWORD_MAXDAYS=-1

I get: Unknown attribute : PASSWORD_MAXDAYS

Why?? What gives?? I've got SMH A.2.2.9.1 installed.

Regards, Pat


7 REPLIES
Avinash20
Honored Contributor

Re: Disabling password aging - HPUX 11.31

Are you using shadow password file since there was an issue where /etc/default/security
overrides /etc/shadow
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
PatRoy
Regular Advisor

Re: Disabling password aging - HPUX 11.31

Nope. Ain't using shadow. Passwords are encrypted within /etc/passwd.

SHould I be using shadow?
Avinash20
Honored Contributor

Re: Disabling password aging - HPUX 11.31

No, its not required.
Might be there is some other issue
You need to wait for our experts to revert to your issue,
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Dennis Handly
Acclaimed Contributor

Re: Disabling password aging - HPUX 11.31

>Why?? What gives??

You could always use vipw(1m) to remove the aging subfield out of the password field. From the comma to the end.
PatRoy
Regular Advisor

Re: Disabling password aging - HPUX 11.31

Here's a note I've got from HP after submitting a case for it...



>>> HPSupport_AM 14/01/2009 3:38 pm >>>

FR: alonso_baldioceda

Patrick,

There is an Enhancement request filed with the reference number QXCR1000821184 to resolve this issue.

As per the manual pages of passwd(1) and security(4), setting PASSWORD_MAXDAYS=-1 will disable the password aging. But values specied in system-wide configuration file /etc/default/security do not take effect. So it is no possible disable password aging per user overriding the system default to use password aging.

Unfortunately there is no a fix currently and there is no a release date for the patch.


Thanks,
Alonso

======================

My original note:


Running HPUX 11.31 on an Untrusted system and trying to disable password aging for 1 user from the SMH web interface. Not yet running with shadow passwords.

Just like it says for PASSWORD_MAXDAYS: -1...441 Maximum number of days that a password is valid (-1=Disable aging)

I did exactly that. Put in -1. It keeps telling me -1 out of range???

Now if I go into the tui version of SMH, I read the following warning:

The per user value for the security attributes PASSWORD_MINDAYS, PASSWORD_MAXDAYS and PASSWORD_WARNDAYS cannot be removed individually.

How are we supposed to disable password aging for 1 user only? PASSWORD_MAXDAYS is set to 60 in /etc/default/security.

OldSchool
Honored Contributor

Re: Disabling password aging - HPUX 11.31

OK....the PASSWORD_MAXDAYS and whatnot are in the default security files. They are applied when the user is first created and then not referenced. Disabling them w/ -1 will only apply to users created after the change.

I have no clue what userdbset does, so I can't comment on why you see the results you do.

For a specific user, you can:

a) remove the aging information for an individual user using "vipw" as Dennis noted. in the following example:

testusr:asdcasd,asd:.......

you would want that to read:

testusr:asdcasd:.......

or:

b)as "root", you can try:

passwd testusr -n 0 -x 0

NOTE:
I prefer the "vipw" method, as I *know* that will work
Javed Khan_1
Valued Contributor

Re: Disabling password aging - HPUX 11.31

Hi,

remove password aging field from password i.e after comma

if you are not familiar with editing /etc/passwd

use SAM to disable password aging

SAM-Accounts for Users and Groups-Local users-select account-Modify password option -set password option to No Restrictions (Normal Behavior)

Javed
Never Give Up