- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: any official guide for /etc/shadow
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2011 12:41 AM - edited 08-09-2011 01:44 AM
08-09-2011 12:41 AM - edited 08-09-2011 01:44 AM
any official guide for /etc/shadow
Dear all,
My application needs to provide users with the passwd aging options. Basically it acts as an agent between end-user and /etc/passwd. We now need to switch to /etc/shadow and still provide the passwd aging options.
I have to know what will be reflected in /etc/shadow by setting passwd aging options.
I had some tests and got some ideas out of them
an ordinary setting like
[X] Only SU can change passwd
[X] Force Passwd Change at next login
Expire days 14 Minumun Day 7
I got the entry in shadow as tteett:io7Qtk6UQM3nU:15195:7:14:0::: expire in 14 days and minumun days 7 (please note 15195 is the days of today since 1970,1,1)
then
[Y] Only SU can change passwd
[X] Force Passwd Change at next login Expire days 14 Minumun Day 7
tteett:io7Qtk6UQM3nU:15195:14:7:0::: only SU can change the passwd
When "Only SU can change passwd" is enabled I think other options should be disabled automatically. and in the file, order of expire and minimum is switched to reflect such a setting
then
[X] Only SU can change passwd
[Y] Force Passwd Change at next login Expire days 14 Minumun Day 7
tteett:io7Qtk6UQM3nU:15174:7:14:0::: must change passwd at the next login
When "Force Passwd Change at next login" is enabled it looks the last_change(15174) will be set to a past date, and will be minimun_days + expire_days ago(14+7=21) indicating the passwd has expired and force user to change his passwd at next login.
Now I can only guess from the test, if I can have a official guide to this it will be of great help. Do you know any guide around? Please suggest.
Regards and thanks ahead
Kang
- Tags:
- trusted mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2011 05:47 AM
08-09-2011 05:47 AM
Re: any official guide for /etc/shadow
HI:
You might take a look at :
http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c01944073/c01944073.pdf
...and the manpages for 'shadow(4)' and 'security(4)'.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2011 08:26 PM
08-09-2011 08:26 PM
Re: any official guide for /etc/shadow
Thanks JRF.
But from it I failed to find the details of how passwd aging information is stored and changed when user's passwd is changed. Should the guide have a newer version?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2011 10:42 PM - edited 08-16-2011 10:06 PM
08-09-2011 10:42 PM - edited 08-16-2011 10:06 PM
Re: any official guide for /etc/shadow
Aha the second question should be answered here
man shadow(4): max days The maximum number of days for which a password is valid.
A user who attempts to login after his password has expired is forced to supply a new one. If min days and max days are both zero, the user is forced to change his password the next time he logs in. If min days is greater than max days, then the password cannot be changed.
These restrictions do not apply to the superuser. See also PASSWORD_MAXDAYS in security(4) and the passwd -x command in passwd(1).
***If min days is greater than max days, then the password cannot be changed. ***
Seems the number does't matter.
Also the number in 3rd Q seems not important either as long as it's old enough.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 05:56 AM
08-10-2011 05:56 AM
Re: any official guide for /etc/shadow
@arking1981 wrote:
Aha the second question should be answered here man shadow(4): ...
Which is why is said, "...and the manpages for 'shadow(4)' and 'security(4)'."
Regards!
...JRF...