HPE Community
Operating System - HP-UX
1843834 Members
4326 Online
110224 Solutions
New Discussion

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

 
SOLVED
Go to solution
Cem Tugrul
Esteemed Contributor

‎04-10-2005 11:48 PM

‎04-10-2005 11:48 PM

Change account parameters when we run ./usr/lbin/getprpw loginname

hi,
i need urgent help about on changing some parameters of my 150 accounts.

Firstly,i want my all hp-ux user accounts
to change their pwd every month.
if i change my pwd today so i want my my hp-ux force or notify me on 11.05.2005 but also
i want 15 days later when i logon to system
then i want my hp-ux warn me like "your passwd
expire 15 days later"

Now,when i run ./usr/lbin/getprpw loginmame
for ex;
baan01:/#./usr/lbin/getprpw ut4ha
uid=191, bootpw=NO, audid=132, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Mon Apr 11 14:19:16 2005, upwchg=Mon Apr 11 14:18:40 2005, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Mon Apr 11 14:43:08 2005, ulogint=Mon Apr 11 13:53:18 2005, sloginy=tty, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

How can i change these parameters with script
because i have more 150 users.
Please need urgent help,


Our greatest duty in this life is to help others. And please, if you can't
0 Kudos
6 REPLIES 6
Bill Hassell
Honored Contributor

‎04-11-2005 12:18 AM

‎04-11-2005 12:18 AM

Solution

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

The command is modprpw and the man page will help you. If you are not running 11i, you'll have to read the man page online at docs.hp.com (search for modprpw).

You'll have to create a file with all the user names. The reason you can't just read the passwd file is that you'll affect root,sys,bin,lp, etc so these have to be weeded out:

cut -f1 -d: /etc/passwd > /tmp/user.list

Edit /tmp/user.list and remove the sysadmin names. The script would look something like this:

cat /tmp/user.list | while read USERNAME
do
/usr/lbin/modprpw -v -m mintm=5,exptm=30,expwarn=15 $USERNAME
done

This will 'refresh' each user's password so that the last-change date is today, the minimum time before a user can change the password again is 5 days (prevents users from changing back to an old password immediately), and the expiration of the password is 30 days from today.

NOTE: Human nature, being what it is, a password that expires every 30 days will be self-defeating. Security will actually be compromised because the users will constantly forget their new password and call you for a new one (you can't decode what their current password might be), and other users will write the latest password down on paper and attach it to the monitor or keyboard.

You would be better off setting a change limit of 90 days. Security will be much improved because users have enough time to memorize their passwords.


Bill Hassell, sysadmin
0 Kudos
Kent Ostby
Honored Contributor

‎04-11-2005 12:19 AM

‎04-11-2005 12:19 AM

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

cem -- you will want to use the modprpw command.

The man pages ( man modprpw ) provide details for usage.

"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Cem Tugrul
Esteemed Contributor

‎04-11-2005 05:55 PM

‎04-11-2005 05:55 PM

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

hi,
Before closing this thread 1 more q,
i want to see pwd for my use like;
old password:
new password:
Re-enrty new password:

so i mean i do not want to see like;
Do you want (choose one letter only):
pronounceable passwords generated for you (g)
a string of letters generated (l) ?
to pick your passwords (p) ?

so which paratemeter do i have change?
thank's
Our greatest duty in this life is to help others. And please, if you can't
0 Kudos
Bill Hassell
Honored Contributor

‎04-12-2005 12:53 AM

‎04-12-2005 12:53 AM

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

You wrote:

> Before closing this thread 1 more q,
> i want to see pwd for my use like;
> old password:
> new password:
> Re-enrty new password:

> so i mean i do not want to see like;
> Do you want (choose one letter only):
> pronounceable passwords generated for you (g)
> a string of letters generated (l) ?
> to pick your passwords (p) ?

> so which paratemeter do i have change?

The modprpw command will not ask you anything interactively. The passwd command (to change a password interactively) ALWAYS asks for the old password, then depending on your Trusted system security policies, you can disable the automated password suggestions. In SAM, select:

-> Auditing and Security
---> System Security Policies
-----> Password Format Policies...

Then uncheck the automatic generation choices:

From:
[X] System Generates Pronounceable
[X] System Generates Character
[X] System Generates Letters Only

To:
[ ] System Generates Pronounceable
[ ] System Generates Character
[ ] System Generates Letters Only

This will now have passwd ask just for the old and new passwords.


Bill Hassell, sysadmin
0 Kudos
Tom Maloy
Respected Contributor

‎04-12-2005 01:00 AM

‎04-12-2005 01:00 AM

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

cem,

For the ut4ha user, you can try:

modprpw -l -m usrpick=NO,syspnpw=NO,syschpw=NO,sysltpw=NO ut4ha

But changing it globally (as Bill suggested) is a much better choice.

Tom
Carpe diem!
0 Kudos
Cem Tugrul
Esteemed Contributor

‎04-12-2005 05:26 PM

‎04-12-2005 05:26 PM

Re: Change account parameters when we run ./usr/lbin/getprpw loginname

the replies solved my problem.
Our greatest duty in this life is to help others. And please, if you can't
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.