Operating System - HP-UX

How to find the log for changing password?

 
Kenny Chau
Trusted Contributor

How to find the log for changing password?

Hi all,

I want to know where and how to find any files that record password changes, or any commands that can do the same, so that I can know which account has changed its password in the past.

Thanks very much.
Kenny
6 REPLIES 6
FireDragon.Xu
Advisor

Re: How to find the log for changing password?

Hi, Chao

I come from ShenZhen, China.

You can export the HISTFILE variable to monitor user activities.

Jackie Xu.

I believe i can fly!
Krzysztof Kielak
Occasional Advisor

Re: How to find the log for changing password?

Hi,

If you have a global profile for each user that sets the history file in a local directory, you can grep all those files for the passwd command.

For example:
If all your users' accounts are located in /home, and your history file is named .sw_history in the user's home directory, you can issue the command:

find /home -name .sw_history -exec grep passwd {} \;

rgds
Chris
Roger Baptiste
Honored Contributor

Re: How to find the log for changing password?

hi,

Look at the /var/adm/syslog/syslog.log file
for details of password changes.
Since the file is normally huge for a busy
system, you can simply grep for what you want.
# grep <pattern> /var/adm/syslog/syslog.log

-raj
Take it easy.
harry d brown jr
Honored Contributor

Re: How to find the log for changing password?

You need to make your system "trusted", otherwise there's no way to determine when a user changed their password last. You can make it trusted from "sam".

live free or die
harry
Live Free or Die
Bernie Vande Griend
Respected Contributor

Re: How to find the log for changing password?

I'm assuming you are using local passwords, not NIS or NIS+.
If the system is not running as Trusted, it would be difficult. User history may help, but it wouldn't tell you exactly when the change occurred. Also, if the password was changed from root or another ID, history wouldn't help a whole lot unless you looked at everyone's. The changed password is in /etc/passwd, but without password aging enabled there would be no fields here or elsewhere to see it was changed. I don't believe password changes are logged in /var/adm/syslog.log either, at least they aren't by default.
Ye who thinks he has a lot to say, probably shouldn't.
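
Where a non-trusted system does have password aging enabled, the field referred to above is a suffix on the password entry in /etc/passwd. The script below is an added example, not code from any poster in this thread: it decodes that suffix to the week of the last password change, assuming the layout documented in passwd(4); the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Aging suffix layout assumed from passwd(4):
# "hash,Mmww" with M = max weeks, m = min weeks, ww = week of last change
# counted from 1970, least-significant digit first, all in this alphabet.
A64='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

# c64 CHAR: print the 0..63 value of one aging character, fail on anything else.
c64() {
    [ "${#1}" -eq 1 ] || return 1
    prefix=${A64%%"$1"*}
    [ "${#prefix}" -lt 64 ] || return 1
    echo "${#prefix}"
}

# aging_week AGING: print the week number of the last password change.
aging_week() {
    case $1 in ??*) rest=${1#??} ;; *) return 1 ;; esac
    week=0
    mult=1
    while [ -n "$rest" ]; do
        digit=$(c64 "$(printf %.1s "$rest")") || return 1
        week=$((week + digit * mult))
        mult=$((mult * 64))
        rest=${rest#?}
    done
    echo "$week"
}

# aging_report: read passwd(4) lines on stdin and print one line per account
# that carries an aging suffix; accounts without one are skipped.
aging_report() {
    while IFS=: read -r user pw other; do
        case $pw in *,??*) aging=${pw#*,} ;; *) continue ;; esac
        week=$(aging_week "$aging") || continue
        max=$(c64 "$(printf %.1s "$aging")") || continue
        min=$(c64 "$(printf %.1s "${aging#?}")") || continue
        echo "$user max=$max min=$min week=$week epoch=$((week * 604800))"
    done
}

# Constructed sample entries (placeholder hashes); only kenny has aging data.
sample_passwd() {
    echo 'kenny:xxxxxxxxxxxxx,A/.N:101:20::/home/kenny:/usr/bin/sh'
    echo 'guest:xxxxxxxxxxxxx:102:20::/home/guest:/usr/bin/sh'
}

sample_passwd | aging_report   # on a real system: aging_report < /etc/passwd
```

The result has one-week resolution only, and an account with no aging suffix yields no line at all, which matches the point that nothing is recorded when aging is off.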
David Lodge
Trusted Contributor

Re: How to find the log for changing password?

Try the following scriptlet:
(run as root - iff you are running on a trusted system)

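# Account names are assumed to come from /etc/passwd
for i in $(cut -f 1 -d : /etc/passwd); do
    # Print each account with its slogint value from the protected password database
    print "${i}:$(/usr/lbin/getprpw -m slogint ${i} | cut -f 2 -d =)"
done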

dave