System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Password expiry on 11iv3 standard mode with SMSE security extensions

 
Chris Howard
Frequent Advisor

Password expiry on 11iv3 standard mode with SMSE security extensions

 

Hello,

We are replacing an 11iv2 trusted mode box with an 11iv3 standard mode box having the SMSE security extensions.

On our old box we had a script that ran nightly out of cron and sent me an email warning of upcoming account password expirations.

I need to find a method for doing that task on the new server under 11iv3 SMSE.

The command "login -x" shows when the password was last changed.  Maybe I can find the days increment for when that user is going to expire?

(How come the people who invent these systems never think of the most obvious questions a sysadmin might ask, like "when is this account's password going to expire?" ??)

1 REPLY
Chris Howard
Frequent Advisor

Re: Password expiry on 11iv3 standard mode with SMSE security extensions

I was working on a script to parse the output of 'logins -x' command and the /etc/default/security file entry for PASSWORD_MAXDAYS.  I calculate the date that the password should expire.

Having done that, I see that at least two accounts on the system already have exceeded PASSWORD_MAXDAYS and no warnings or account locking has happened.

So I'm scouring the man pages for security, userdb, logins, passwd... 

When do the system-wide defaults in /etc/default/security get applied?

Does 'passwd -s' and similar commands interact with userdb?

Why don't the system-wide defaults show up when I run a userdbget?

If the root user changes someone's password for them, is does that invoke the system-wide defaults or does the root user then have to run 'passwd -x' to set a future date for password expiration?

As root I ran 'passwd -x 90  <username>'  but 'logins -x' didn't change, but 'passwd -s <username> did change.

Could someone please point me to a comprehensive document that tells how this pile of parts can be made to work together?