HPE Community
Operating System - HP-UX
1753454 Members
6544 Online
108794 Solutions
New Discussion юеВ

to set root password expiry as NULL

 
SOLVED
Go to solution
masood bt
Regular Advisor

тАО03-18-2009 06:17 AM

тАО03-18-2009 06:17 AM

to set root password expiry as NULL

serverxx:/ # passwd -s
root PS 02/17/09 0
serverxx:/ #

The test requirement says the root password attributes should be set to NULL

I did
serverxx:/ # passwd -n 0 -x 0 -w 0 root
argument rounded up to nearest week
argument rounded up to nearest week
argument rounded up to nearest week
serverxx:/ #

Now it is

serverxx/ # passwd -s root
root PS 02/17/09 0 0
serverxx/#

I do not want to see any zeroes..any value at all..i.e., the attributes should be set to NULL...can somebody explain me how to acheive this? Thank you.
Behind every Great fortune, there is a crime
0 Kudos
13 REPLIES 13
Steven E. Protter
Exalted Contributor

тАО03-18-2009 06:28 AM

тАО03-18-2009 06:28 AM

Re: to set root password expiry as NULL

Shalom,

There is a utility called vipw

It edits /etc/passwd

You can empty out the password field.

You can use sam to change the aging of the root password to not expire.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
masood bt
Regular Advisor

тАО03-18-2009 06:56 AM

тАО03-18-2009 06:56 AM

Re: to set root password expiry as NULL

Hi Steven
I am Masood :-)

Here is the output with only first two lines:
serverxx:/#vipw
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh

The password field has a *


In Sam->accts for users n groups->users->root/actions/security policies->passwd ageing policies is disabled already
Behind every Great fortune, there is a crime
0 Kudos
masood bt
Regular Advisor

тАО03-18-2009 07:02 AM

тАО03-18-2009 07:02 AM

Re: to set root password expiry as NULL

Steven
I cannot anything like password expiry in sam
I do not fully understand the significance of removing the * in the /etc/passwd

I want no zeroes here
serverxx:/ # passwd -sa
root PS 02/17/09 0 0

Also..
I had been to this page
#man modprpw
:my own extracts for you..I am not sure though:
modprpw(1M) modprpw(1M)

-e This option is specified with a user name to expire the specified
user's password. It zeroes the successful change time.

May be combined with options -l, -m, -n.

Boolean values are specified as YES, NO, or DFT for system
default values (/tcb/files/auth/system/default). Numeric values
are specified as positive numbers, 0, or -1. If the value -1 is
specified, the numeric value in the database is removed, allowing
the system default value to be used. Time values are specified
in days, although the database keeps them in seconds.

No aging is present if the following 4 database parameters are
all zero: u_minchg, u_exp, u_life, u_pw_expire_warning.
Behind every Great fortune, there is a crime
0 Kudos
Paul McCleary
Honored Contributor

тАО03-18-2009 08:58 AM

тАО03-18-2009 08:58 AM

Re: to set root password expiry as NULL

Hi Masood,

Looking at passwd man page I'm not sure what you're doing is valid:

-s name Display some password attributes associated with the
specified name. Superuser privilege and non-trusted
mode is required if the files repository is specified.

I assume you have a trusted configuration as you have an asterick in the user password field and you are looking at trusted system commands (modprpw).

HTH, Paul

0 Kudos
Paul McCleary
Honored Contributor

тАО03-18-2009 09:16 AM

тАО03-18-2009 09:16 AM

Re: to set root password expiry as NULL

What you mention above is:

modprpw -m mintm=0,lftm=0,exptm=0,expwarn=0 root

Maybe you should then use getprpw to check this, as opposed to passwd -s.

Info on DB fields:

mintm=value database u_minchg=(value*86400).

Set the minimum time interval between
password changes (days). 0 = none. Same as
non-trusted mode minimum time.

lftm=value database u_life.

Set password life time interval (days). 0 =
infinite.

exptm=value database u_exp=(value*86400).

Set password expiration time interval (days).
0 = expired. Same as non-trusted mode
maximum time.


expwarn=value database u_pw_expire_warning=(value*86400).

Set password expiration warning time interval
(days). 0 = none.

HTH, Paul
0 Kudos
masood bt
Regular Advisor

тАО03-18-2009 04:43 PM

тАО03-18-2009 04:43 PM

Re: to set root password expiry as NULL

Here it is:
serverxx:/ # /usr/lbin/getprpw root
uid=0, bootpw=YES, audid=0, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=-1, spwchg=Tue Feb 17 17:02:10 2009, upwchg=Tue Mar 17 16:59:08 2009, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Mar 19 00:42:15 2009, ulogint=Wed Mar 18 12:40:02 2009, sloginy=console, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000
serverxx:/ #

What does this say??
Behind every Great fortune, there is a crime
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО03-18-2009 09:49 PM

тАО03-18-2009 09:49 PM

Solution

Re: to set root password expiry as NULL

>What does this say?

A question to you would be what fields do you not understand?

getprpw(1m) lists all of the fields under -m.
It also says you can look at prpwd(4) for more details:
http://docs.hp.com/en/B2355-60130/getprpw.1M.html
http://docs.hp.com/en/B2355-60130/prpwd.4.html
0 Kudos
Suraj K Sankari
Honored Contributor

тАО03-18-2009 10:01 PM

тАО03-18-2009 10:01 PM

Re: to set root password expiry as NULL

Hi,

Here is the meaning of this values.

uid user uid
bootpw boot authorization flag
audid audit id
audflg audit flag
mintm minimum time between password changes
maxpwln maximum password length
exptm password expiration time
lftm password lifetime
spwchg last successful password change time
upwchg last unsuccessful password change time
acctexp account expiration time
llog last login time interval
expwarn password expiration warning time
usrpick whether user picks password, YES/NO/DFT
syspnpw whether system generates pronounceable passwords, YES/NO/DFT
rstrpw whether password is restricted, i.e, checked for triviality, YES/NO/DFT
nullpw NULL passwords are allowed, YES/NO/DFT. Not recommended!
syschpw whether system generates passwords having characters only, YES/NO/DFT
sysltpw whether system generates passwords having letters only, YES/NO/DFT
timeod time of day allowed for login
slogint time of last successful login
ulogint time of last unsuccessful login
sloginy tty of last successful login
culogin consecutive number of unsuccessful logins so far
uloginy tty of last unsuccessful login
umaxlntr maximum unsuccessful login tries
alock administrator lock, YES if on, NO if off, DFT if not set.
lockout returns the reason for a lockout in a "bit" valued string,
where 0 = condition not present,
1 is present. The position,

for more info do man getprpw

Suraj
0 Kudos
masood bt
Regular Advisor

тАО03-19-2009 07:50 AM

тАО03-19-2009 07:50 AM

Re: to set root password expiry as NULL

Attached getprpw output for root
Now seeing those lines..can I say the attributes set for user root are set to NULL?
Behind every Great fortune, there is a crime
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.