HPE Community
Operating System - HP-UX
1753852 Members
9746 Online
108808 Solutions
New Discussion юеВ

Re: MODPRPW password aging - redux..

 
SOLVED
Go to solution
rmueller58
Valued Contributor

тАО05-14-2009 07:53 AM

тАО05-14-2009 07:53 AM

MODPRPW password aging - redux..

All,

I have a school district I need to force a warning and day to expire, with a password life of 90 days.. I don't want to do force expire..

Can someone provide the
/usr/lbin/modprpw command to do that..

Say I want to force the expiration in 5 days with 5 days warning, and have then set the password life to 90..

My initial script is such
while read UUNAME X
do
/usr/lbin/modprpw -e -m exptm=120 ${UUNAME}
done < /tmp/esupass2.txt

if I use the -e it zeros time to change and locks the account. I believe I want to modify using the -l

Can someone provide insight, suggestions or methods? I'd appreciate it..

Rex
0 Kudos
12 REPLIES 12
Tingli
Esteemed Contributor

тАО05-14-2009 08:04 AM

тАО05-14-2009 08:04 AM

Re: MODPRPW password aging - redux..

For a trust system, you can do it by editing file /etc/default/security.

For a normal system, you can use command:

passwd -m -x -n ... to set them up.
0 Kudos
rmueller58
Valued Contributor

тАО05-14-2009 09:22 AM

тАО05-14-2009 09:22 AM

Re: MODPRPW password aging - redux..

Tingli,

i have to do it by users, I can't define it by system, because the system houses multiple districts with differing policies.

I need to do it with the modprpw command from a userlist for each district.

I wish I could do it systemwide, but the political climate varies from school to school..
0 Kudos
OldSchool
Honored Contributor

тАО05-14-2009 12:22 PM

тАО05-14-2009 12:22 PM

Solution

Re: MODPRPW password aging - redux..

them two examples at the bottom of the man page seem to indicate that you may only need:

/usr/lbin/modprpw -m exptm=120 ${UUNAME}

as the -l makes the change for local user while -n is available for nis.

the examples show:
modprpw -m mintm=12,syspnpw=NO,syschpw=YES someusr
-and-
modprpw -m timeod=Mo1700-2100,Fr1700-2100,Su0500-0900 joeblow

both of which modify parms on existing users.

I can't test it, but you might try dummying up an account an give it a shot???



0 Kudos
rmueller58
Valued Contributor

тАО05-14-2009 12:33 PM

тАО05-14-2009 12:33 PM

Re: MODPRPW password aging - redux..

Thanks OldSchool, I was trying to pass the -m multiple times, forgot about the ','
field1=var,field2=var

I don't want to expire now, I want to "warn" and expire in X days..

I am thinking it should look like this..

modprpw -m exptm=X,expwarn=Y username

0 Kudos
rmueller58
Valued Contributor

тАО05-20-2009 11:40 AM

тАО05-20-2009 11:40 AM

Re: MODPRPW password aging - redux..

One quick final question

I am re-do one of our districts to get on a 90 password life time.

I want to use the modprpw to do it.. My thought is using the following command to read a user list in from STDIN,

/usr/lbin/modprpw ├в e -m lftm=90,exptm=5,expwarn=5 ${UUNAME}
done < mpsuser.txt

My question is do I need the "exptm?" If I am forcing with a "-e" ?

exptm=value

database u_exp=(value*86400).

Set password expiration time interval (days). 0 = expired. Same as non-trusted mode maximum time.


0 Kudos
Sajjad Sahir
Honored Contributor

тАО05-20-2009 10:34 PM

тАО05-20-2009 10:34 PM

Re: MODPRPW password aging - redux..

Dear Rex

if u system is trusted u can use modprpw and getprpw etc...this is available only in trusted system

thanks and regards

Sajjad Sahir
0 Kudos
rmueller58
Valued Contributor

тАО05-21-2009 05:09 AM

тАО05-21-2009 05:09 AM

Re: MODPRPW password aging - redux..

Sajjid, yes we have a trusted system. My question remains:

My question is do I need the "exptm?" If I am forcing with a "-e" ?

0 Kudos
OldSchool
Honored Contributor

тАО05-21-2009 07:08 AM

тАО05-21-2009 07:08 AM

Re: MODPRPW password aging - redux..

"/usr/lbin/modprpw -m lftm=90,exptm=5,expwarn=5 "

I doubt it. this appears to require the password change every 5 days, and you get five days warning...at 90 days, the account locks.

Assuming you want the users to change their passwords every 90 days and get warned 5 days before, something like:

/usr/lbin/modprpw -e -m exptm=90,expwarn=5

appears to be what you want.

the -e should force them to change their password the next time they attempt to login.
the exptm will required changes every 90 days going forward
the expwarn should give them 5 days notice
(however I've not tested this)
======================================================

"I want to use the modprpw to do it.. My thought is using the following command to read a user list in from STDIN,

/usr/lbin/modprpw -e -m lftm=90,exptm=5,expwarn=5 ${UUNAME}
done < mpsuser.txt"

uh...no. modprpw only wants one user name. you will have to write a little script the reads your file and loops, running modprpw once for each user read.

0 Kudos
rmueller58
Valued Contributor

тАО05-21-2009 07:20 AM

тАО05-21-2009 07:20 AM

Re: MODPRPW password aging - redux..

Old School,

That is the ticket!!

I Want to force a change now, then at Day 85 of 90 I want to WARN users of the pending action again..

I do have a WHILE script written to cat the username into the command..

while read UUNAME X
do
/usr/lbin/modprpw -m exptm=90,expwarn=5 ${UUNAME}
done < mpsuser.txt


My question is do I need to set the EXPWARN at Day 85 (i.e. expwarn=85, or expwarn=5)


Your thoughts? Don't want an annoying Warning for 85 days.


0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.