HPE Community
Operating System - HP-UX
1753831 Members
8961 Online
108806 Solutions
New Discussion юеВ

Re: passwd expiry

 
newunix
Frequent Advisor

тАО10-10-2010 08:28 PM

тАО10-10-2010 08:28 PM

passwd expiry

/usr/lbin/getprpw
uid=110, bootpw=NO, audid=31, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Sep 10 15:12:23 2003.....

no passwd expiry time is set but dba saying that his password has expired.

how to find the passwd expiry date
0 Kudos
Reply
6 REPLIES 6
vishnu.khandare
Respected Contributor

тАО10-10-2010 08:54 PM

тАО10-10-2010 08:54 PM

Re: passwd expiry

Hi,
How dba can tell password expired unless an untell have the root privilage,

Anyways..
Output from the cmd /usr/lbin/getprpw userid is not full, there is last tab lockout=0000000 it should be like this for normal user, if its like lockout=1000000 it means its expired.

Hope this solves ur query.
Please do assign points

Regards
Vishnu Khandare
You should deserve before U desire!!!!
0 Kudos
Reply
newunix
Frequent Advisor

тАО10-10-2010 09:09 PM

тАО10-10-2010 09:09 PM

Re: passwd expiry

hi

eventhough lockout valur is 1000000 which states past passwd liftime, but i dont set any passwd life tile for a particulat user its is -1, if i set exptm=70 days so after 70 days pwd may expire,but i meant to say is i havent set any pwd expiry for that user
0 Kudos
Reply
vishnu.khandare
Respected Contributor

тАО10-10-2010 09:17 PM

тАО10-10-2010 09:17 PM

Re: passwd expiry

Hi,

R u normal user or root user???
Whats password policies u have set depends upon that ur password will expire after that perticular days it will expire.

Hope it solves ur query

Please do assign points

Regards
Vishnu Khandare
You should deserve before U desire!!!!
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

тАО10-11-2010 01:19 AM

тАО10-11-2010 01:19 AM

Re: passwd expiry

your system is trusted OR not ?
## ll -d /tcb
/tcb not found # means it is NOT TRUSTED System !

if not, In NonTrusted Systems; to disable passwd aging for a specific user from command line do nothing (in HP-UX11i v1 for example)
Default is password aging is already disabled. You can check it with command:
# passwd -s

0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-11-2010 04:36 PM

тАО10-11-2010 04:36 PM

Re: passwd expiry

There are two expiration values. One is the typical 60 or 90 days, but there is a lifetime for the user. This lifetime is generally not set for the user so it is taken from the system-wide value. The system administrator may have set the system lifetime to something like 9999 which seems like a good idea, but this number is now too large. In less than 9999 days, it will be the year 2038 and in most Unix-like systems, the time is kept in seconds. But in 2038, the maximum value for time will exceed the 32bit integer used for timekeeping and when the number rolls around to a negative value, the year 1901. Since 2010 is past 1901, it would appear that the user's lifetime has been exceeded.

Check the system wide lifetime in SAM (or smh) and lower it if it is more than 9000 days. Here is a more detailed explanation:

http://blog.sourcedirect.com/2010/09/y2k38-is-starting-to-creep-in/


Bill Hassell, sysadmin
0 Kudos
Reply
Jim Walls
Trusted Contributor

тАО10-13-2010 06:44 PM

тАО10-13-2010 06:44 PM

Re: passwd expiry

>>>/usr/lbin/getprpw
uid=110, bootpw=NO, audid=31, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Sep 10 15:12:23 2003.....

From this I see that most of the user settings (mintm=-1, maxpwln=-1, exptm=-1, lftm=-1) are using the system defaults.

You can see the system defaults using the getprpol command. For example:
/usr/lbin/getprdef -m
bootpw=NO, mintm=0, maxpwln=80, exptm=90, lftm=0, llog=-1, expwarn=14, usrpick=YES, syspnpw=YES, rstrpw=YES, nullpw=NO, syschpw=NO, sysltpw=NO, umaxlntr=7, tmaxlntr=10, dlylntr=5, lntmout=0

Use SAM to override the settings for individual users. Or use /usr/lbin/modprpw.

man getprpw
man modprpw
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.