cancel
Showing results for 
Search instead for 
Did you mean: 

passwd expiry

newunix
Frequent Advisor

passwd expiry

/usr/lbin/getprpw
uid=110, bootpw=NO, audid=31, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Sep 10 15:12:23 2003.....

no passwd expiry time is set but dba saying that his password has expired.

how to find the passwd expiry date
6 REPLIES
vishnu.khandare
Respected Contributor

Re: passwd expiry

Hi,
How dba can tell password expired unless an untell have the root privilage,

Anyways..
Output from the cmd /usr/lbin/getprpw userid is not full, there is last tab lockout=0000000 it should be like this for normal user, if its like lockout=1000000 it means its expired.

Hope this solves ur query.
Please do assign points

Regards
Vishnu Khandare
You should deserve before U desire!!!!
newunix
Frequent Advisor

Re: passwd expiry

hi

eventhough lockout valur is 1000000 which states past passwd liftime, but i dont set any passwd life tile for a particulat user its is -1, if i set exptm=70 days so after 70 days pwd may expire,but i meant to say is i havent set any pwd expiry for that user
vishnu.khandare
Respected Contributor

Re: passwd expiry

Hi,

R u normal user or root user???
Whats password policies u have set depends upon that ur password will expire after that perticular days it will expire.

Hope it solves ur query

Please do assign points

Regards
Vishnu Khandare
You should deserve before U desire!!!!
Hakki Aydin Ucar
Honored Contributor

Re: passwd expiry

your system is trusted OR not ?
## ll -d /tcb
/tcb not found # means it is NOT TRUSTED System !

if not, In NonTrusted Systems; to disable passwd aging for a specific user from command line do nothing (in HP-UX11i v1 for example)
Default is password aging is already disabled. You can check it with command:
# passwd -s

Bill Hassell
Honored Contributor

Re: passwd expiry

There are two expiration values. One is the typical 60 or 90 days, but there is a lifetime for the user. This lifetime is generally not set for the user so it is taken from the system-wide value. The system administrator may have set the system lifetime to something like 9999 which seems like a good idea, but this number is now too large. In less than 9999 days, it will be the year 2038 and in most Unix-like systems, the time is kept in seconds. But in 2038, the maximum value for time will exceed the 32bit integer used for timekeeping and when the number rolls around to a negative value, the year 1901. Since 2010 is past 1901, it would appear that the user's lifetime has been exceeded.

Check the system wide lifetime in SAM (or smh) and lower it if it is more than 9000 days. Here is a more detailed explanation:

http://blog.sourcedirect.com/2010/09/y2k38-is-starting-to-creep-in/


Bill Hassell, sysadmin
Jim Walls
Trusted Contributor

Re: passwd expiry

>>>/usr/lbin/getprpw
uid=110, bootpw=NO, audid=31, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Sep 10 15:12:23 2003.....

From this I see that most of the user settings (mintm=-1, maxpwln=-1, exptm=-1, lftm=-1) are using the system defaults.

You can see the system defaults using the getprpol command. For example:
/usr/lbin/getprdef -m
bootpw=NO, mintm=0, maxpwln=80, exptm=90, lftm=0, llog=-1, expwarn=14, usrpick=YES, syspnpw=YES, rstrpw=YES, nullpw=NO, syschpw=NO, sysltpw=NO, umaxlntr=7, tmaxlntr=10, dlylntr=5, lntmout=0

Use SAM to override the settings for individual users. Or use /usr/lbin/modprpw.

man getprpw
man modprpw