Sejal Joshi
Occasional Contributor

Disable Inactive User Account.

How can I disable an inactive user account on a non-trusted system? For example, disable a user account if there has been no activity for 60 days. I don't want to convert my system to a trusted system. We are running HP-UX 10.20 & 11.00.
How to analyze HPMC Chassis codes???
Christopher Caldwell
Honored Contributor

Re: Disable Inactive User Account.

Put an asterisk (*) in their password field.
Sejal Joshi
Occasional Contributor

Re: Disable Inactive User Account.

How can I check that a user has been inactive for 60 days?
How to analyze HPMC Chassis codes???
A. Clay Stephenson
Acclaimed Contributor

Re: Disable Inactive User Account.

Hi,

One approach would be to scan the passwd file (or passwd map) and for all uid's > 100 determine if the user's .sh_history file has not been modified in the last 60 days. If so, change the encrypted passwd field to '*'.

If you have csh users you would need to set savehist and then examine the .history file but the concept is the same.

Hope this gets you started, Clay
If it ain't broke, I can fix that.
James R. Ferguson
Acclaimed Contributor

Re: Disable Inactive User Account.

Hi:

One thought that comes to mind is to leverage /var/adm/wtmp [login database]. This would assume that you do not null the file simply because it grows large, but rather manage it with 'fwtmp'. See the man pages for 'last' and for 'fwtmp (1M)'.

Thus, using the last login data on a per-user basis, you could create a script that would replace a user's password with an asterisk ("*") and thereby inactivate it.

Obviously, your process would need some verification steps to ensure that the absence of login activity was "real" during the period in question and not due to inadvertent file trimming.

...JRF...
Christopher Caldwell
Honored Contributor

Re: Disable Inactive User Account.

You could also script a routine to look at the output of the last command (I think I'd trust last more than .sh_history if it's a matter of trust -- users can modify .sh_history).

.sh_history will work if the users are telnet or terminal, but it won't catch the users using things like ftp; last will.
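
An added example, not part of any reply in this thread: a report-only sketch that combines the ideas above (uid > 100, last login taken from wtmp via `fwtmp`, and a check that the log actually covers the 60-day window before an absence of logins is trusted). The `fwtmp` text layout, the function names `inactive_users` and `sample_files`, and all sample data are assumptions constructed for illustration; on a real system the second argument would be a file holding the output of `fwtmp < /var/adm/wtmp`.

```sh
#!/bin/sh
# Added example. Assumed fwtmp text layout (check against your own output):
#   user id line pid type term exit epoch Day Mon DD HH:MM:SS YYYY
# Fields are counted from the end so an empty id column does not shift them.

# inactive_users PASSWD FWTMP_TEXT NOW_EPOCH DAYS
# Prints "user last_login_epoch" or "user never" for accounts with uid > 100
# that are not already locked. Exits 2 with no output when the log does not
# reach back DAYS days, since missing logins would then prove nothing.
inactive_users() {
    awk -v now="$3" -v days="$4" '
        BEGIN { cutoff = now - days * 86400; oldest = now }
        pass == 1 {
            if (NF < 9) next
            t = $(NF - 5) + 0
            if (t <= 0) next
            if (t < oldest) oldest = t
            if ($(NF - 8) == 7 && t > last[$1]) last[$1] = t   # 7 = USER_PROCESS
            next
        }
        $3 + 0 > 100 && $2 != "*" {
            if (!($1 in last)) out[++n] = $1 " never"
            else if (last[$1] < cutoff) out[++n] = $1 " " last[$1]
        }
        END {
            if (oldest > cutoff) exit 2
            for (i = 1; i <= n; i++) print out[i]
        }
    ' pass=1 "$2" pass=2 FS=: "$1"
}

# Constructed sample data (not from a real system); HASH is a placeholder.
sample_files() {
    cat > "$1/wtmp.txt" <<'EOF'
system boot 0 2 0000 0000 991360000 Fri Jun  1 01:46:40 2001
alice ta pts/ta 2101 7 0000 0000 992224000 Mon Jun 11 01:46:40 2001
bob ftp3120 3120 7 0000 0000 999136000 Thu Aug 30 01:46:40 2001
EOF
    cat > "$1/passwd" <<'EOF'
root:HASH:0:3::/:/sbin/sh
alice:HASH:101:20::/home/alice:/usr/bin/sh
bob:HASH:102:20::/home/bob:/usr/bin/sh
carol:HASH:103:20::/home/carol:/usr/bin/sh
dave:*:104:20::/home/dave:/usr/bin/sh
EOF
}

tmp=$(mktemp -d) && sample_files "$tmp" &&
    inactive_users "$tmp/passwd" "$tmp/wtmp.txt" 1000000000 60
rm -rf "$tmp"
```

The script only lists candidates; accounts reported as "never" have no login record at all in the covered period and are worth a manual look before anything is locked.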