cancel
Showing results for 
Search instead for 
Did you mean: 

root password expired

Danesh Qureshi
Regular Advisor

root password expired

If the root password has expired I am unable to su to root from a non privileged account unless I am at the console of root I can login and change it even after the password expiry date of the root account.

I am aware when one logs into root account the system warns you that the root password will expire on such a date and time. But if I have not changed the root password before it expires then as stated I am unable to su to root from a non privileged account. My question is there another way to notify the administatrator that the root password is about to expire without logging into root all the time to find out when the root password is expiring. I have been lookingin the man pages on passwd but no joy.

If anyone has any ideas or suggestions or has come across a similar scenario and got round the problem of root expiring I would really appreciate it.
7 REPLIES
Ivan Ferreira
Honored Contributor

Re: root password expired

I think that you will need a script, maybe a perl script, because the information you need is in seconds since the epoch.

With edauth -g root you get the information of the last change (u_succhg). You can then calculate when the next change should be.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Venkatesh BL
Honored Contributor

Re: root password expired

refer to 'man prpasswd', you will find other useful fields as well (like u_exp, u_life etc)
Victor Semaska_3
Esteemed Contributor

Re: root password expired

Danesh,

Here's a script I wrote in Korn shell that may help you. It works with Enhanced Security enabled, I never tried it with Base. It has to run as root so proceed at your own risk.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
Danesh Qureshi
Regular Advisor

Re: root password expired

Hi Vic,

Firstly, thank you for your example script which I have been looking at.

Secondly,I am using ENHANCED security but when I issue the following command for any particular username there is no parameter u_exp nor u_life.

e.g.
/usr/tcb/bin/edauth -g grep u_exp

No information is returned with the above command.
However I do get information back with
/usr/tcb/bin/edauth -g | grep u_succhg.

Can you help me.
Thanks.
Dan..



Victor Semaska_3
Esteemed Contributor

Re: root password expired

Danesh,

It has been awhile since I've work on this so I may get some of this wrong.

There is a 'default' record that contains default values for accounts. If you don't change any of those values in an account you won't see them when you 'edauth -g '.

To see the default values do this:
edauth -g -dd default

So, the logic is a little more complicated. If you can't find a field in a user's account, then you have to go to the default record.

Vic

There are 10 kinds of people, one that understands binary and one that doesn't.
Ivan Ferreira
Honored Contributor

Re: root password expired

This command is wrong:

/usr/tcb/bin/edauth -g grep u_exp

This command is right:

/usr/tcb/bin/edauth -g | grep u_succhg

You must use a pipe.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Hein van den Heuvel
Honored Contributor

Re: root password expired


There is an other recent topic that sounds vaguely similar:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=974620

In there Ivan suggest: usermod -x passwd_lifetime=0 root
Is that of use here?


Just guessing...
Hein.