HPE Community
Operating System - HP-UX
1830520 Members
2939 Online
110006 Solutions
New Discussion

Disabling password aging - HPUX 11.31

 
PatRoy
Regular Advisor

‎01-13-2009 08:52 AM

‎01-13-2009 08:52 AM

Disabling password aging - HPUX 11.31

Hi.

Running HPUX 11.31... in UNtrusted mode.

I'm trying to disable password aging for one particular user. If I try setting PASSWORD_MAXDAYS in SMH to -1, like it says to disable it (i.e. -1...441 Maximum number of days that a password is valid (-1=Disable aging), I keep getting the following error:

The user value for PASSWORD_MAXDAYS is out of range.

If I try with userdbset:

userdbset -u username PASSWORD_MAXDAYS=-1

I get: Unknown attribute : PASSWORD_MAXDAYS

Why?? What gives?? I've got SMH A.2.2.9.1 installed.

Regards, Pat


0 Kudos
Reply
7 REPLIES 7
Avinash20
Honored Contributor

‎01-13-2009 09:13 AM

‎01-13-2009 09:13 AM

Re: Disabling password aging - HPUX 11.31

Are you using shadow password file since there was an issue where /etc/default/security
overrides /etc/shadow
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
0 Kudos
Reply
PatRoy
Regular Advisor

‎01-13-2009 10:13 AM

‎01-13-2009 10:13 AM

Re: Disabling password aging - HPUX 11.31

Nope. Ain't using shadow. Passwords are encrypted within /etc/passwd.

SHould I be using shadow?
0 Kudos
Reply
Avinash20
Honored Contributor

‎01-13-2009 10:37 AM

‎01-13-2009 10:37 AM

Re: Disabling password aging - HPUX 11.31

No, its not required.
Might be there is some other issue
You need to wait for our experts to revert to your issue,
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎01-13-2009 08:41 PM

‎01-13-2009 08:41 PM

Re: Disabling password aging - HPUX 11.31

>Why?? What gives??

You could always use vipw(1m) to remove the aging subfield out of the password field. From the comma to the end.
0 Kudos
Reply
PatRoy
Regular Advisor

‎01-16-2009 01:04 PM

‎01-16-2009 01:04 PM

Re: Disabling password aging - HPUX 11.31

Here's a note I've got from HP after submitting a case for it...



>>> HPSupport_AM 14/01/2009 3:38 pm >>>

FR: alonso_baldioceda

Patrick,

There is an Enhancement request filed with the reference number QXCR1000821184 to resolve this issue.

As per the manual pages of passwd(1) and security(4), setting PASSWORD_MAXDAYS=-1 will disable the password aging. But values specied in system-wide configuration file /etc/default/security do not take effect. So it is no possible disable password aging per user overriding the system default to use password aging.

Unfortunately there is no a fix currently and there is no a release date for the patch.


Thanks,
Alonso

======================

My original note:


Running HPUX 11.31 on an Untrusted system and trying to disable password aging for 1 user from the SMH web interface. Not yet running with shadow passwords.

Just like it says for PASSWORD_MAXDAYS: -1...441 Maximum number of days that a password is valid (-1=Disable aging)

I did exactly that. Put in -1. It keeps telling me -1 out of range???

Now if I go into the tui version of SMH, I read the following warning:

The per user value for the security attributes PASSWORD_MINDAYS, PASSWORD_MAXDAYS and PASSWORD_WARNDAYS cannot be removed individually.

How are we supposed to disable password aging for 1 user only? PASSWORD_MAXDAYS is set to 60 in /etc/default/security.
0 Kudos
Reply
OldSchool
Honored Contributor

‎01-16-2009 03:47 PM

‎01-16-2009 03:47 PM

Re: Disabling password aging - HPUX 11.31

OK....the PASSWORD_MAXDAYS and whatnot are in the default security files. They are applied when the user is first created and then not referenced. Disabling them w/ -1 will only apply to users created after the change.

I have no clue what userdbset does, so I can't comment on why you see the results you do.

For a specific user, you can:

a) remove the aging information for an individual user using "vipw" as Dennis noted. in the following example:

testusr:asdcasd,asd:.......

you would want that to read:

testusr:asdcasd:.......

or:

b)as "root", you can try:

passwd testusr -n 0 -x 0

NOTE:
I prefer the "vipw" method, as I *know* that will work
0 Kudos
Reply
Javed Khan_1
Valued Contributor

‎01-17-2009 04:51 AM

‎01-17-2009 04:51 AM

Re: Disabling password aging - HPUX 11.31

Hi,

remove password aging field from password i.e after comma

if you are not familiar with editing /etc/passwd

use SAM to disable password aging

SAM-Accounts for Users and Groups-Local users-select account-Modify password option -set password option to No Restrictions (Normal Behavior)

Javed
Never Give Up
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.