- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Password Life scripting -- modprpw
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2008 06:51 AM
тАО12-03-2008 06:51 AM
I am wanting to work out the command for doing the district in question, I can get the users based on the HOMEDIR because we have segregated districts in this way,
/home/$DIST/$user
1st, question what is the MODPRPW command to define password life?
Is it possible to read from a file containing those users in the districts in question?
such as
for uuname in `cat districtuser.txt`
do
/usr/lbin/modprpw -m mintm=
done
What is the commandline option for defining the mintm? I noticed in the man pages it is 86400? is that hours or minutes?
Anyone else have a method I'd appreciate the help..
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2008 07:04 AM
тАО12-03-2008 07:04 AM
SolutionThe 'modprpw' command applies to trusted systems.
> What is the commandline option for defining the mintm? I noticed in the man pages it is 86400? is that hours or minutes?
According to the manpages, the values are in days, althogh the database retains them in seconds. The value 86400 = (60*60*24) or the number of seconds in one day.
To read input, you could do:
while read UUNAME X
do
/usr/lbin/modprpw -m mintm=90 ${UUNAME}
done < districtuser.txt
...This assumes that each line of the input file contains a whitespace delimited account name as the first (perhaps only) field.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2008 07:24 AM
тАО12-03-2008 07:24 AM
Re: Password Life scripting -- modprpw
Few updates along with James reply. You can use getprpw command to know the existing values for the user. There are two kind of policies.
1.System level security policies. Applicable to all users.
2.User level security policies. Applicable to specific user.
# /usr/lbin/getprpw test
uid=101, bootpw=NO, audid=13, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1,
.......
If the values for exptm, lftm, mintm, and expwarn are equal to -1, this means that the user is using the system security policy options defined in SAM. Looking at this example:
# /usr/lbin/getprpw test2
uid=102, bootpw=NO, audid=14, audflg=1, mintm=2, maxpwln=-1, exptm=30, lftm=50,
spwchg=Thu Nov 21 18:07:34 2002, upwchg=-1, acctexp=-1, llog=-1, expwarn=2, usrp
.......
User test2 is not using the system security options (values are not equal to -1) exptm=30, lftm=50, mintm=2, expwarn=2
Changing the system security options in SAM will not have an impact on this user (test2). But you can change user security options with SAM or from the command line.
These are the policies related to password aging.
Password Aging Policies
exptm ==> Password Expiration Time (days)
expwarn ==> Password Expiration Warning Time (days)
lftm ==> Password Life Time (days)
mintm ==> Time Between Password Changes (days)
So whatever mention with modprpw will be in days.
Note that you need to set "exptm" for password expiration not "mintm" . "mintm" means ,after "mintm" days the user can change the password again to either a new
password or back to the old password (Time Between Password Changes)
Hope this helps.
Ganesh.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2008 08:20 AM
тАО12-03-2008 08:20 AM
Re: Password Life scripting -- modprpw
Yes, I will have a user list with the userid on each line.
I would prefer to define it system wide, but we've got too many hands in the cookie jar. Since we are only a service provider for the district we've got to adjust on a district by district basis..
That helps a lot. I will also be define each account to expire, at same time.
So if I do the script it should look like this correct? (ADDING the "-e")
To read input, you could do:
while read UUNAME X
do
/usr/lbin/modprpw -e -m mintm=90 ${UUNAME}
done < districtuser.txt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-03-2008 08:24 AM
тАО12-03-2008 08:24 AM
Re: Password Life scripting -- modprpw
Regarding your last question of adding '-e' to the command to look like:
/usr/lbin/modprpw -e -m mintm=90 ${UUNAME}
...yes, according to the manpages that is legal.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-14-2009 07:47 AM
тАО05-14-2009 07:47 AM