HPE Community
Operating System - HP-UX
1751741 Members
6036 Online
108781 Solutions
New Discussion юеВ

passwd aging and forcing passwd change doesn't work at all

 
arking1981
Frequent Advisor

тАО02-16-2009 05:46 PM

тАО02-16-2009 05:46 PM

passwd aging and forcing passwd change doesn't work at all

Hello,

I found the passwd aging and forcing passwd change at next login didn't work at all in my system.
My test was to execute command line like:
"passwd -r files -f -x 14 -n 7 student1"
Meaning: force student1 to establish a new password on the next login which will expire in 14 days and prohibit the user from changing the password until 7 days have transpired.

But when I login with student1 at next time, I was not asked to update the passwd.

I have done some search here and found no matching topic, so I post this question.
Can anyone provide some help?

Thanks in advance.

Regards
arking
Hello world...
0 Kudos
11 REPLIES 11
Steven E. Protter
Exalted Contributor

тАО02-16-2009 06:58 PM

тАО02-16-2009 06:58 PM

Re: passwd aging and forcing passwd change doesn't work at all

Shalom,

What is on passwd -sa

What is in /etc/default/security

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Hakki Aydin Ucar
Honored Contributor

тАО02-17-2009 12:54 AM

тАО02-17-2009 12:54 AM

Re: passwd aging and forcing passwd change doesn't work at all

try this:
# passwd -n 0 -x 14

by the way; Which version of HP-UX ?
0 Kudos
Hakki Aydin Ucar
Honored Contributor

тАО02-17-2009 01:14 AM

тАО02-17-2009 01:14 AM

Re: passwd aging and forcing passwd change doesn't work at all

Options:

-f Force the user to change the password on the next login
EXAMPLE: passwd -f username

-n Specify a minimum password life time (the password cannot be changed during this time)
EXAMPLE: passwd -n1 username

-x Specify a maximum password ((the password must be changed after this time and password aging may vary
between 1 and 158 days)
EXAMPLE: passwd -x158 username

-l Lock a password so the user cannot login
EXAMPLE: passwd -l username
0 Kudos
Jose luis Martinez Esca
Occasional Advisor

тАО02-19-2009 08:45 AM

тАО02-19-2009 08:45 AM

Re: passwd aging and forcing passwd change doesn't work at all

hi arking

only one question are you using Trusted System, SMSE o no security policies in your system?

ch2
0 Kudos
arking1981
Frequent Advisor

тАО02-20-2009 01:07 AM

тАО02-20-2009 01:07 AM

Re: passwd aging and forcing passwd change doesn't work at all

Hi,

Thanks all for your response.
The system is HP-UX 11i.
It isn't using a trusted system

Now the problem seems related with SSH login. When I used telnet to login, the passwd was requested to change because of expiry. But for SSH login, it didn't.

Is the SSH corrupted?
Maybe I need to re-install it?

Regards
arking
Hello world...
0 Kudos
Ganesan R
Honored Contributor

тАО02-20-2009 01:42 AM

тАО02-20-2009 01:42 AM

Re: passwd aging and forcing passwd change doesn't work at all

Hi,

SSH login also should say password expired and ask the user to change the password. Because SSH and telnet is same as far as authentication is concern.

If the account is configured with password less login then ssh login may not work I hope.

What is the error you are getting when you login through ssh?
Best wishes,

Ganesh.
0 Kudos
Matti_Kurkela
Honored Contributor

тАО02-20-2009 01:58 AM

тАО02-20-2009 01:58 AM

Re: passwd aging and forcing passwd change doesn't work at all

Which version of SSH?

I seem to recall that old versions had some problems in password aging support.

Get the latest version of SSH from software.hp.com for free. Read the release notes before installing: the newer versions of SSH have some patch requirements for some HP-UX versions.

MK
MK
0 Kudos
arking1981
Frequent Advisor

тАО02-22-2009 05:32 PM

тАО02-22-2009 05:32 PM

Re: passwd aging and forcing passwd change doesn't work at all

Hi,

Re Ganesan R:
The error was no expiry nofication at the next login after enabling the "force passwd change at next login".
And can you explain what is "configured with password less login"? I don't understand it. Thanks.

Re Matti Kurkela:
Maybe the version is too old:
> what /usr/bin/ssh
/usr/bin/ssh:
HP92453-02A.11.00 HP-UX SYMBOLIC DEBUGGER (END.O ILP32) $Revision: 75.02

As we have other machines with "$OpenSSL A.00.09.07i" installed and it was ok.

If my version too old?
Thanks

Best regards,
arking
Hello world...
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО02-23-2009 03:51 AM

тАО02-23-2009 03:51 AM

Re: passwd aging and forcing passwd change doesn't work at all

>HP92453-02A.11.00 HP-UX SYMBOLIC DEBUGGER (END.O ILP32) $Revision: 75.02

This is the version of end.o, used with -g, useless.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.