
any official guide for /etc/shadow

 
arking1981
Frequent Advisor

any official guide for /etc/shadow

Dear all,

 

My application needs to provide users with the passwd aging options. Basically it acts as an agent between end-user and /etc/passwd. We now need to switch to /etc/shadow and still provide the passwd aging options.

 

I have to know what will be reflected in /etc/shadow by setting passwd aging options.

I had some tests and got some ideas out of them

 

an ordinary setting like

[X] Only SU can change passwd

[X] Force Passwd Change at next login

Expire days 14 Minimum Day 7

I got the entry in shadow as tteett:io7Qtk6UQM3nU:15195:7:14:0::: expire in 14 days and minimum days 7 (please note 15195 is the days of today since 1970,1,1)

 

 then

 [Y] Only SU can change passwd

 [X] Force Passwd Change at next login Expire days 14 Minimum Day 7

 tteett:io7Qtk6UQM3nU:15195:14:7:0::: only SU can change the passwd

 When "Only SU can change passwd" is enabled I think other options should be disabled automatically, and in the file, the order of expire and minimum is switched to reflect such a setting

 

then

 [X] Only SU can change passwd

[Y] Force Passwd Change at next login Expire days 14 Minimum Day 7

 tteett:io7Qtk6UQM3nU:15174:7:14:0::: must change passwd at the next login

When "Force Passwd Change at next login" is enabled it looks like the last_change (15174) will be set to a past date, and will be minimum_days + expire_days ago (14+7=21), indicating the passwd has expired and forcing the user to change his passwd at next login.

 

Now I can only guess from the test; if I can have an official guide to this it will be of great help. Do you know any guide around? Please suggest.

 

Regards and thanks ahead

Kang

Hello world...
4 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: any official guide for /etc/shadow

Hi:

 

You might take a look at :

 

http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c01944073/c01944073.pdf

...and the manpages for 'shadow(4)' and 'security(4)'.

 

Regards!

 

...JRF...

arking1981
Frequent Advisor

Re: any official guide for /etc/shadow

Thanks JRF.

 

But from it I failed to find the details of how passwd aging information is stored and changed when user's passwd is changed. Should the guide have a newer version?

Hello world...
arking1981
Frequent Advisor

Re: any official guide for /etc/shadow

Aha the second question should be answered here

man shadow(4): max days The maximum number of days for which a password is valid.

A user who attempts to login after his password has expired is forced to supply a new one. If min days and max days are both zero, the user is forced to change his password the next time he logs in. If min days is greater than max days, then the password cannot be changed.

These restrictions do not apply to the superuser. See also PASSWORD_MAXDAYS in security(4) and the passwd -x command in passwd(1).

***If min days is greater than max days, then the password cannot be changed. ***

Seems the number doesn't matter.

 

Also the number in 3rd Q seems not important either as long as it's old enough.

Hello world...
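The shadow(4) rules quoted in the post above, applied to the three entries from the first post, as an added example that is not part of any post in this thread and is not HP-UX code. The function names, the status labels, and the expiry comparison (`today - last_change > max_days`) are assumptions made for illustration; the hash field is replaced by a placeholder.

```python
from typing import NamedTuple, Optional

class ShadowEntry(NamedTuple):
    name: str
    last_change: Optional[int]  # days since 1970-01-01
    min_days: Optional[int]
    max_days: Optional[int]

def _num(field: str) -> Optional[int]:
    # An empty field means the value is not set.
    return int(field) if field else None

def parse_shadow_line(line: str) -> ShadowEntry:
    parts = line.strip().split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(parts)}")
    return ShadowEntry(parts[0], _num(parts[2]), _num(parts[3]), _num(parts[4]))

def aging_status(entry: ShadowEntry, today: int) -> str:
    if entry.min_days is None or entry.max_days is None:
        return "no-aging"
    # shadow(4): min days greater than max days -> password cannot be changed.
    if entry.min_days > entry.max_days:
        return "user-cannot-change"
    # shadow(4): both zero -> forced change at next login.
    if entry.min_days == 0 and entry.max_days == 0:
        return "change-at-next-login"
    # Assumption: expired once more than max_days have passed since last_change.
    if entry.last_change is not None and today - entry.last_change > entry.max_days:
        return "expired-change-at-next-login"
    return "valid"

# The three entries from the first post; hash field replaced by a placeholder.
SAMPLE = [
    "tteett:HASH:15195:7:14:0:::",
    "tteett:HASH:15195:14:7:0:::",
    "tteett:HASH:15174:7:14:0:::",
]
TODAY = 15195  # day count quoted in the first post

def classify_samples():
    return [aging_status(parse_shadow_line(l), TODAY) for l in SAMPLE]

if __name__ == "__main__":
    for line, status in zip(SAMPLE, classify_samples()):
        print(f"{line:32} {status}")
```
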
James R. Ferguson
Acclaimed Contributor

Re: any official guide for /etc/shadow


arking1981 wrote:
Aha the second question should be answered here man shadow(4): ...

Which is why I said, "...and the manpages for 'shadow(4)' and 'security(4)'."

 

Regards!

 

...JRF...