HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Password expiration does NOT seem to be working

 
SOLVED
Go to solution
Fedon Kadifeli
Super Advisor

Password expiration does NOT seem to be working

We have the following in /etc/default/security (grep DAYS /etc/default/security):

# INACTIVITY_MAXDAYS=0
PASSWORD_MAXDAYS=7
# PASSWORD_MINDAYS=14
PASSWORD_WARNDAYS=6

Users have changed their passwords last Friday or before that day, but still get no warnings about approaching password expiration.

Shadow passwords are enabled on system. For example we have the following in /etc/shadow:

user1:tc9YxAbrz1a5w:14371::::::

Any ideas?

System version: HP-UX 11.31
10 REPLIES
avizen9
Esteemed Contributor

Re: Password expiration does NOT seem to be working

hello,
your system followed all requirement for password agging, attached url,?
http://www.docs.hp.com/en/B2355-90121/ch02s06.html
Kenan Erdey
Honored Contributor

Re: Password expiration does NOT seem to be working

Hi,

configuration seems to be true. if user changed password on friday, is it expected it 'll warn on next thursday ?
Computers have lots of memory but no imagination
Ganesan R
Honored Contributor

Re: Password expiration does NOT seem to be working

Hi,

As per your configuration, users will get a warning message after 6 days since his last password change. Isn't it?
Best wishes,

Ganesh.
Fedon Kadifeli
Super Advisor

Re: Password expiration does NOT seem to be working

avizen9:

The system is not in trusted mode. It is a normal HP-UX 11.31 system with shadow passwords enabled.

Kenan & Ganesan:

According to this configuration, I expect the password to expire next Friday (May 29), and warnings to start appearing 6 days before this day (Saturday, May 23).
Ganesan R
Honored Contributor

Re: Password expiration does NOT seem to be working

Hi Again,

You are right. Users are suppose to get warning messages 6 days before the password expiration. But there are two restrictions apply here.

1.The value takes effect after the password change.

So if you have set the password restrictions after the password change or if you haven't changed the password after you security file changes, then this setting won't have effect.
Try changing the password once and check it.

2.This attribute applies only to local users on shadow password systems.

Hope, it is local users.
Best wishes,

Ganesh.
Sunny123_1
Esteemed Contributor

Re: Password expiration does NOT seem to be working

Hi
Ganesan is right.Whenever you make changes in securiry file it will affect only after next password change.So if user1 changes paasword now he will get warning as per security file.

Regards
Sunny
Fedon Kadifeli
Super Advisor

Re: Password expiration does NOT seem to be working

Ganesan & sunny123:

You seem to be right. After I changed my password today and then edited the /etc/shadow password by putting again "14371" in the password change date for "user1", the user was prompted to change the password.

As a second test I set "14383" and the user gets just the warning:

Your password will expire in 1 day.

Note: Today is "14389". Thank you for your help.

Ganesan & sunny123:

Sorry for the low points; because I submitted the points, before doing the above test. :)

If you reply to my post, I will give you 10 points.
Sunny123_1
Esteemed Contributor
Solution

Re: Password expiration does NOT seem to be working

Hi Fedon

The forum is not for just points.It is to help each others.And dont forget to close the thread as i think you got the solution.

Regards
Sunny
Ganesan R
Honored Contributor

Re: Password expiration does NOT seem to be working

Hi,

At times we need appreciations by means of points that makes keep going. But more importantly, not only me, hopefully everyone should be happy and satisfied if the issue resolved by their solutions.

I strongly believe that, all here are not only helping others, infact helping themselves by keeping them upto date, refreshing, learning, and so on......

Hope guys agree with me.

Best wishes,

Ganesh.
Fedon Kadifeli
Super Advisor

Re: Password expiration does NOT seem to be working

It seems that, the relevant fields in /etc/shadow file are updated after a password change for that user. It also seems that the authentication routines check only the /etc/shadow file for password expiration-related stuff, and NOT the entries in /etc/default/security file.