System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

what daemon/process is kicked off and lock the account?

Hanry Zhou
Super Advisor

what daemon/process is kicked off and lock the account?

We are using trust system on 11iv2 servers, and set 90 days to lock accounts if they have not been logged in.

My question is, what daemon/process check the expiration days, and perform the locking action?

Thanks,
none
6 REPLIES
Matti_Kurkela
Honored Contributor

Re: what daemon/process is kicked off and lock the account?

None. The login process itself checks the time limits right after it has verified the password. If a time limit has expired, the login process just kicks the user back out.

This check is implemented in the PAM libraries, so all login methods that use PAM will have the same behavior.

MK
MK
Hanry Zhou
Super Advisor

Re: what daemon/process is kicked off and lock the account?

As we know, once the account passed 90 days, the lock attribute will be set under /tcb. There got be a way to set the "lock" attribute. What is the process/daemon to complete this action?

I am not asking the verification when users login.

none
Dennis Handly
Acclaimed Contributor

Re: what daemon/process is kicked off and lock the account?

>There got be a way to set the "lock" attribute. What is the process/daemon to complete this action?

As MK said, this is automatically set when you attempt to login. If you never log out, you be able to stay on forever.

You can lock an account with: passwd -l name
Hanry Zhou
Super Advisor

Re: what daemon/process is kicked off and lock the account?

I probably did not make myself clear. I am not asking how the user was kicked out when he tried to login. I understand what you guys told me about.

Before the user login, if last login happened more than 90 days ago, then his account attribute under /tcb directory was already locked before he even tried to login. My question is, what process/mechanism to perform that action of locking his account? I am not asking what happend at the moment when he is tryint to login.

Thanks for your patience.
none
Patrick Wallek
Honored Contributor

Re: what daemon/process is kicked off and lock the account?

I don't think there is a daemon that does this.

I think that whenever the account is queried, either via a login attempt or via the getprpw command, then the /tcb entry for that account is accessed and all information checked. If a value is out of range (account expired, too many invalid logins, etc.) then the account shows as "locked". If you are using getprpw the you get a '1' in whatever column(s) is/are appropriate.
Dennis Handly
Acclaimed Contributor

Re: what daemon/process is kicked off and lock the account?

>what process/mechanism to perform that action of locking his account?

As mentioned before, this is checked when he tries to login. I.e. it is only checked when there is a need to know.

>I am not asking what happened at the moment when he is trying to login.

This is the only time this is checked. And possibly if you use a command to check as Patrick said.