HPE Community
Operating System - HP-UX
1752786 Members
5838 Online
108789 Solutions
New Discussion

any official guide for /etc/shadow

 
arking1981
Frequent Advisor

‎08-09-2011 12:41 AM - edited ‎08-09-2011 01:44 AM

‎08-09-2011 12:41 AM - edited ‎08-09-2011 01:44 AM

any official guide for /etc/shadow

Dear all,

 

My application needs to provide users with the passwd aging options. Basically it acts as an agent between end-user and /etc/passwd. We now need to switch to /etc/shadow and still provide the passwd aging options.

 

I have to know what will be reflected in /etc/shadow by setting passwd aging options.

I had some tests and got some ideas out of them

 

an ordinary setting like

[X] Only SU can change passwd

[X] Force Passwd Change at next login

Expire days 14 Minumun Day 7

I got the entry in shadow as tteett:io7Qtk6UQM3nU:15195:7:14:0::: expire in 14 days and minumun days 7 (please note 15195 is the days of today since 1970,1,1)

 

 then

 [Y] Only SU can change passwd

 [X] Force Passwd Change at next login Expire days 14 Minumun Day 7

 tteett:io7Qtk6UQM3nU:15195:14:7:0::: only SU can change the passwd

 When "Only SU can change passwd" is enabled I think other options should be disabled automatically. and in the file, order of expire and minimum is switched to reflect such a setting

 

then

 [X] Only SU can change passwd

[Y] Force Passwd Change at next login Expire days 14 Minumun Day 7

 tteett:io7Qtk6UQM3nU:15174:7:14:0::: must change passwd at the next login

When "Force Passwd Change at next login" is enabled it looks the last_change(15174) will be set to a past date, and will be minimun_days + expire_days ago(14+7=21) indicating the passwd has expired and force user to change his passwd at next login.

 

Now I can only guess from the test, if I can have a official guide to this it will be of great help. Do you know any guide around? Please suggest.

 

Regards and thanks ahead

Kang

Hello world...
0 Kudos
Reply
4 REPLIES 4
James R. Ferguson
Acclaimed Contributor

‎08-09-2011 05:47 AM

‎08-09-2011 05:47 AM

Re: any official guide for /etc/shadow

HI:

 

You might take a look at :

 

http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c01944073/c01944073.pdf

...and the manpages for 'shadow(4)' and 'security(4)'.

 

Regards!

 

...JRF...

0 Kudos
Reply
arking1981
Frequent Advisor

‎08-09-2011 08:26 PM

‎08-09-2011 08:26 PM

Re: any official guide for /etc/shadow

Thanks JRF.

 

But from it I failed to find the details of how passwd aging information is stored and changed when user's passwd is changed. Should the guide have a newer version?

Hello world...
0 Kudos
Reply
arking1981
Frequent Advisor

‎08-09-2011 10:42 PM - edited ‎08-16-2011 10:06 PM

‎08-09-2011 10:42 PM - edited ‎08-16-2011 10:06 PM

Re: any official guide for /etc/shadow

Aha the second question should be answered here

man shadow(4): max days The maximum number of days for which a password is valid.

A user who attempts to login after his password has expired is forced to supply a new one. If min days and max days are both zero, the user is forced to change his password the next time he logs in. If min days is greater than max days, then the password cannot be changed.

These restrictions do not apply to the superuser. See also PASSWORD_MAXDAYS in security(4) and the passwd -x command in passwd(1).

***If min days is greater than max days, then the password cannot be changed. ***

Seems the number does't matter.

 

Also the number in 3rd Q seems not important either as long as it's old enough.

Hello world...
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-10-2011 05:56 AM

‎08-10-2011 05:56 AM

Re: any official guide for /etc/shadow

@arking1981 wrote:
Aha the second question should be answered here man shadow(4): ...

Which is why is said, "...and the manpages for 'shadow(4)' and 'security(4)'."

 

Regards!

 

...JRF...

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.