Operating System - HP-UX

Natalya Murphy
New Member

Expiring password on a non-trusted system

We are on an HP-UX 11.0 non-trusted system, with password aging enabled (in # of weeks). From reading the man pages, I know that the date of the last password change that gets displayed from "passwd -s" is actually the latest Thursday since the password was actually changed. Because of this, trying to predict the actual expiration date has a margin of error involved. However, if a user tries to su or remsh, the unix system complains on the EXACT day the password expired. How does the O/S know the exact expiration date, and how can I get at this same information? Is there some sort of C/C++ function I can call to get the info? It seems like if the O/S can figure out the exact expiration date, there ought to be a way for me to do it as well. For the record, converting to a trusted system is not an option for us.
Steven E. Protter
Exalted Contributor

Re: Expiring password on a non-trusted system

Last change date plus number of weeks in the passwd -sa command.

All of the necessary information is in this command.

You can use awk or cut to output these values into variables and do any calculations you like.

There is no warning of expiration in HP-UX non-trusted.

So if you changed the password on March 1, and the expiration was four weeks, on March 29 or first login after that (midnight) the user will be prompted to change the password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Natalya Murphy
New Member

Re: Expiring password on a non-trusted system

The problem is, the non-trusted system doesn't display the actual change date, but the most recent Thursday since the change date. So if I changed my password on March 1, 2003 "passwd -s" would claim I had changed it on Feb. 27, 2003 (the latest Thursday). Assuming a 4-week expiration, I would then calculate that the password expires on (Feb. 27 + 28 days), when in reality it will expire on (March 1 + 28 days). We've tried this solution, with the result that our program claims the unix password has expired, even though the O/S doesn't think it's expired yet. On a side-note, I've noticed this same kind of false-alarm behavior from some third-party software we use.
Darren Prior
Honored Contributor

Re: Expiring password on a non-trusted system

Hi Natalya,

Have a look at the following document: KBRC00006698

You can find this in the technical knowledge database on the ITRC, providing your contract details are linked to your ITRC login.

The document provides some C code for the functionality you're looking for. Here's the description from the top of the code:

* With a user name as an argument, if that user's password expires within
* "DAYS_OF_WARNING", then this prints the days until the password expires.
* This is for a non-trusted system.

For greater control over password aging I'd suggest you investigate trusting the system.

regards,

Darren
Calm down. It's only ones and zeros...
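Added example, not part of any post in this thread and not the code from KBRC00006698: on a non-trusted system the aging data is the string after the comma in the /etc/passwd password field, which passwd(4) describes as maximum weeks, minimum weeks, then the week of the last change counted from 1970, all in a 64-character alphabet. The C below decodes that string. The expiry comparison in `is_expired` is an assumption modeled on classic System V login, and the sample field and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define WEEK_SECS (7L * 24 * 60 * 60)
/* passwd(4) alphabet: '.'=0, '/'=1, 0-9=2..11, A-Z=12..37, a-z=38..63 */
static const char A64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static int a64_digit(char c)
{
    const char *p = c ? strchr(A64, c) : NULL;
    return p ? (int)(p - A64) : -1;
}

/* Decode the text after the comma in the password field: M, m, then the
 * last-change week, least significant digit first. Returns 0 on success. */
int decode_age(const char *age, int *max_w, int *min_w, long *last_w)
{
    size_t i, n = strlen(age);
    long week = 0;
    if (n < 2 || n > 7) return -1;
    for (i = 0; i < n; i++)
        if (a64_digit(age[i]) < 0) return -1;
    for (i = n; i > 2; i--)  /* most significant week digit is last */
        week = week * 64 + a64_digit(age[i - 1]);
    *max_w = a64_digit(age[0]);
    *min_w = a64_digit(age[1]);
    *last_w = week;
    return 0;
}

/* First second (UTC) of a week counted from 1970-01-01, a Thursday. */
time_t week_start(long week) { return (time_t)week * WEEK_SECS; }

/* Assumed rule (classic System V login, not confirmed for HP-UX 11.0):
 * expired once the current week number exceeds last-change week + max. */
int is_expired(time_t now, int max_w, long last_w) { return (long)(now / WEEK_SECS) > last_w + max_w; }

int main(void)
{
    int max_w, min_w;
    long last_w;
    /* Constructed sample: max 4 weeks, min 0, last change in week 1730. */
    if (decode_age("2.0P", &max_w, &min_w, &last_w) != 0) return 1;
    printf("max=%d min=%d last_week=%ld week_starts=%ld\n", max_w, min_w, last_w, (long)week_start(last_w));
    return 0;
}
```

Week 1730 begins on Thursday, Feb. 27, 2003 (UTC), the date used in the example earlier in the thread.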
Mark Blonde
Advisor

Re: Expiring password on a non-trusted system

I'm looking for the document KBRC00006698. I was wondering if somebody could help me find it.
If you don't have what you want, want what you have.