HPE Community
Operating System - HP-UX
1823309 Members
3075 Online
109653 Solutions
New Discussion юеВ

Re: HP-UX 11.31 User password change min days = 3

 
jason_lee
Honored Contributor

тАО11-03-2009 07:10 PM

тАО11-03-2009 07:10 PM

HP-UX 11.31 User password change min days = 3

Hi,
We have HP-UX 11.31 IA-64. We would like to have this security restriction:

"Minmum number days to elapse before a password can be changed = 3"

I used SMH to modify the System Default's "Security Attr. Config" for PASSWORD_MINDAYS=3
Then I create a new user, eg: user1
When done, in the "Detail view of user":user1.
....
....
PASSWORD_MINDAYS = 7

Why System value =3, User value =7?

Jason.
0 Kudos
Reply
15 REPLIES 15
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 07:23 PM

тАО11-03-2009 07:23 PM

Re: HP-UX 11.31 User password change min days = 3

>>"Minmum number days to elapse before a password can be changed = 3"<<<

does it mean globel or only for particular user account

>>Why System value =3, User value =7? <<<

you need check /etc/default/security file


Hope this helps

Regards,
Johnson

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 07:26 PM

тАО11-03-2009 07:26 PM

Re: HP-UX 11.31 User password change min days = 3

Hi Johnson,

Of course, I would like it to be a global default, that's the reason I'm configuring it at the "System Default's security attributes configuration".

0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 07:29 PM

тАО11-03-2009 07:29 PM

Re: HP-UX 11.31 User password change min days = 3

Hi Johnson,

grep MINDAY /etc/default/security | grep -v \#

PASSWORD_MINDAYS=3

So, back to my question, why the new user created have a PASSWORD_MINDAYS=7 instead?

0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 07:31 PM

тАО11-03-2009 07:31 PM

Re: HP-UX 11.31 User password change min days = 3

Check below

See /etc/default/security

There is a man page and current settings can be viewed.

http://www.docs.hp.com/en/B2355-60103/security.4.html

http://docs.hp.com/en/B2355-60127/security.4.html
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 07:33 PM

тАО11-03-2009 07:33 PM

Re: HP-UX 11.31 User password change min days = 3

Download the pdf file of "HP-UX System Administrator's Guide: Security Management HP-UX 11i Version 3" from the below link.

http://docs.hp.com/en/5992-3387/5992-3387.pdf
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 07:36 PM

тАО11-03-2009 07:36 PM

Re: HP-UX 11.31 User password change min days = 3

Johnson,
I've already shown you, the content of /etc/default/security for PASSWORD_MINDAYS. It is already set to 3. Why the new user's PASSWORD_MINDAYS=7?

Any idea?
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 08:00 PM

тАО11-03-2009 08:00 PM

Re: HP-UX 11.31 User password change min days = 3

/usr/lbin/getprpw -l output what does its shows ?
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 09:27 PM

тАО11-03-2009 09:27 PM

Re: HP-UX 11.31 User password change min days = 3

Johnson,
man getprpw - "displays the user's protected password database settings ......This command is aval only to the superuser in a trusted system...

We didn't setup trusted system, does it mean that those "PASSWORD_XYZ" settings cannot work? I don't think so, since I've set those "PASSWORD_MIN_UPPER/SPECIAL/DIGIT/LOWER_ etc" & it is working. The system is enforcing the user to use a special characters etc when changing password.

Any other idea?
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 09:46 PM

тАО11-03-2009 09:46 PM

Re: HP-UX 11.31 User password change min days = 3

>>>man getprpw - "displays the user's protected password database settings ......This command is aval only to the superuser in a trusted system...<<<<

Above error Ok, becoz Its not trusted system or you are not "Super User" like root
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 09:49 PM

тАО11-03-2009 09:49 PM

Re: HP-UX 11.31 User password change min days = 3

Johnson,
That's not error, I'm showing you, it is from the output of "man".

Anyways, I'm running as root & we don't have trusted system enabled. My point is, since the given command will only work for trusted system, so, no point for me to run it right?

Why did you ask me to run that command in the first place? What's the relation to the problem I have?


0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 10:06 PM

тАО11-03-2009 10:06 PM

Re: HP-UX 11.31 User password change min days = 3

>>>>>>>Why did you ask me to run that command in the first place? What's the relation to the problem I have?<<<<<<<<<<<<

I thought was trusted system which you running my BAD,

what else did you tried ? after you changed "PASSWORD_MINDAYS=7" to 3?
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
jason_lee
Honored Contributor

тАО11-03-2009 10:43 PM

тАО11-03-2009 10:43 PM

Re: HP-UX 11.31 User password change min days = 3

It seems the PASSWORD_MINDAYS only applicable to /etc/shadow password. Sigh...I'm not sure what's the impact of converting to shadow password to the existing applications.

0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

тАО11-03-2009 10:52 PM

тАО11-03-2009 10:52 PM

Re: HP-UX 11.31 User password change min days = 3

You Just need Answer, You broke heart :(

I hope you never go through docs which was attached above
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО11-03-2009 11:21 PM

тАО11-03-2009 11:21 PM

Re: HP-UX 11.31 User password change min days = 3

>It is already set to 3. Why the new user's PASSWORD_MINDAYS=7?

If you are not trusted, the default is in units of weeks. 3 gets rounded up to 7.
http://docs.hp.com/en/B2355-60130/passwd.4.html#d0e1054375
0 Kudos
Reply
OldSchool
Honored Contributor

тАО11-04-2009 10:27 AM

тАО11-04-2009 10:27 AM

Re: HP-UX 11.31 User password change min days = 3

"It seems the PASSWORD_MINDAYS only applicable to /etc/shadow password. Sigh...I'm not sure what's the impact of converting to shadow password to the existing applications."

that's not correct. It should work with the std password file as well. The issue is that everything gets rounded to increments of 7 days.

try setting it to say, 10 days, and observe what happens. It will either reamin 7 or bump to 14 (I don't recall)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.