HPE Community
Operating System - HP-UX
1833471 Members
2780 Online
110052 Solutions
New Discussion

Disable Password Aging Policies

 
Yong Siew Lee
Occasional Contributor

‎09-10-2001 11:05 PM

‎09-10-2001 11:05 PM

Disable Password Aging Policies

Hi,

I have enabled Password Aging Policies using SAM on my HP-UX 11.0 machines. Under System Securities Policies -> Password Aging Policies I enable "Password Aging". Under General User Account Policies, I enable "Lock Inactive Accounts"

However, the policies applied to root which is not what I want. Hence, I disable the polcies for root, after which, root cannot login to the system at all.

I tried to disable (or revert what I have done) the password aging policies using SAM for the system wide. Now, all the users cannot login even after I have changed the password for them. I checked using SAM, the accounts are not disabled.

Anyone know the proper way of disabling password aging and general user account policies? Your help is appreciated.

Thank you.
0 Kudos
Reply
7 REPLIES 7
Animesh Chakraborty
Honored Contributor

‎09-10-2001 11:20 PM

‎09-10-2001 11:20 PM

Re: Disable Password Aging Policies

Hi,

You can use the script below to set the passwd ageing for all the users.

*********************
#!/bin/ksh
#this script will change the password expiration time
#for all users on the system

/sbin/cat /etc/passwd | awk -F: '{print $1}'> /tmp/pass2change

for user in `/sbin/cat /tmp/pass2change`
do
/sbin/passwd -x 60 $user
echo "changing expiration time for $user to 60 days"
done
********************
Pls. take a note that:
1. The -w (warn) option only works on trusted systems.

2. If the -n (min) option is not specified, it is set to 0. This means that a user could be forced to change their password, wait 2 minutes, and change it back.

3. On non-trusted systems, the value of -x and -n is rounded up to the nearest week. Thus, -x 60 is effectively 63, which is 9 weeks.

For more information, see the man page for passwd.

Best of luck
Animesh
Did you take a backup?
0 Kudos
Reply
Herve BRANGIER
Respected Contributor

‎09-10-2001 11:51 PM

‎09-10-2001 11:51 PM

Re: Disable Password Aging Policies

Hi

I think you convert your system as a trusted
one. After you enabled password aging policies
FOR ALL USERS ACCOUNTS.
You can disable policies for specials users (using sam) :

"Account for users and groups" -> "users"

Select "root" (or others accounts you want to
modify), select "Action"->"Modify security policies"->"Password aging".
You may have "default enable", modify as "disable"

HTH

Herv?

0 Kudos
Reply
Yong Siew Lee
Occasional Contributor

‎09-11-2001 12:23 AM

‎09-11-2001 12:23 AM

Re: Disable Password Aging Policies

Hi,

Thanks for all the response. Actually, I know how to enable password aging but the problem that I have is to DISABLE it.

I tried to disable for individual user as well as system wide. However, after disabled, no user can login.
0 Kudos
Reply
Animesh Chakraborty
Honored Contributor

‎09-11-2001 12:38 AM

‎09-11-2001 12:38 AM

Re: Disable Password Aging Policies

Hi,
Are you working on a trusted system ?
If not ,try removing the password field from /etc/passwd root:oOoeyUElKbUaQ:0:3::/:/sbin/sh
root::0:3::/:/sbin/sh
If you are already logged in atleast one session or boot it in single user mode.

Best of luck
Animesh
Did you take a backup?
0 Kudos
Reply
Yong Siew Lee
Occasional Contributor

‎09-11-2001 12:51 AM

‎09-11-2001 12:51 AM

Re: Disable Password Aging Policies

Yes, my machines are all trusted.
0 Kudos
Reply
Herve BRANGIER
Respected Contributor

‎09-11-2001 01:11 AM

‎09-11-2001 01:11 AM

Re: Disable Password Aging Policies

Hi

I made a test :

- convert to trusted system
- enable passwd aging
- disable for root

It seems to work. I continue :
- convert to untrusted system

Impossible to login for any account

The only way I found : convert and unconvert
my system... ??? It seems to work ...
I can't explain why ?

Herv?


0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎09-11-2001 01:17 AM

‎09-11-2001 01:17 AM

Re: Disable Password Aging Policies

Hello,

Go into SAM.
1) Select Accounts for Users and Groups
2) Select Users
3) Highlight root's account
4) Select Actions --> Security Policies
5) For the Password Aging section, select disabled

You then will be worry free as to whether or not you password will expire for root.

Hope this helps.

Chris
It wasn't me!!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.