- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Politics user problem
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:21 AM
тАО12-15-2009 08:21 AM
User policy exists that the user's password expires every 3 months
I need to exclude a patron of that policy
Where can I find the documentation, the steps to perform this task
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:29 AM
тАО12-15-2009 08:29 AM
SolutionThis can be set through SAM by selecting the user and modifying the security policies for that user.
This could also be done from the command line with the modprpw command.
/usr/lbin/modprpw -m exptime=180 user-id
Where the number after exptime is the number of days before the password expires.
See the modprpw man page for more information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:32 AM
тАО12-15-2009 08:32 AM
Re: Politics user problem
I would also use same for all user administration. Its much faster and reliable and you've got other more important things to do than waste an hour figureing out usermod arguements..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:32 AM
тАО12-15-2009 08:32 AM
Re: Politics user problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:45 AM
тАО12-15-2009 08:45 AM
Re: Politics user problem
sam and its successor smh have an interface that lets you mark a user password never to expire.
There is a similar option on Windows domain controllers, and LDAP systems released by Red Hat.
This is however an exception to security guidelines and can cause you to fail a security audit.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 09:41 AM
тАО12-15-2009 09:41 AM
Re: Politics user problem
> guidelines and can cause you to fail a
> security audit.
Of course, if the principal outcome of
requiring users to change passwords
frequently is users posting their passwords
in their work areas using sticky notes, then
creating an exception for every user may
provide better security, auditors (and policy
makers) notwithstanding.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 12:22 PM
тАО12-15-2009 12:22 PM
Re: Politics user problem
Data security is a serious issue in Corporate America and all over the globe.
Users should be able to use words in combination with numbers to create something memorable. If so, there should be no reason to write them down.
The exception two jobs ago was the organization president. I've dealt with these issues. Passwords are important enough that some time should be spent to remember them.
Everybody should have to change them periodically.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 12:51 PM
тАО12-15-2009 12:51 PM
Re: Politics user problem
The recommended option is to go to sam and deselect "password aging policies"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 03:14 PM
тАО12-15-2009 03:14 PM
Re: Politics user problem
What application please. PowerBroker?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 07:49 PM
тАО12-15-2009 07:49 PM
Re: Politics user problem
No user account should be have password expiration of less than 90 days. We have a wide variety of users. Most log in daily, while others log in anywhere from weekly to annually. Our policy is the same for all.
After 90 days of no activity, the account is locked. After an additional 30 days, the account is deleted. After this, a new user account must be requested.
NOTE: This is explained to every user and supported by mgmt. So, the users that don't log in after 120+ days know they must re-apply. Normally, they get the same login.
Application accounts are either locked or the password is maintained by sys admin staff. For those, we change the password every 90 days regardless if used or not.
Users that actually need access to an application account are provided sudo access. For example, all sys admin's use sudo for root commands and dba's for oracle commands.
Critical logins, including sys admins, root, oracle accounts are monitored for changes.
Of course, we have an exception request for those very, very rare occasions. We don't want to prevent anyone from doing there job, but any exceptions must be documented, validated, and approved by upper mgmt.
Hope this helps...
:-)