HPE Community
Operating System - HP-UX
1757767 Members
2290 Online
108863 Solutions
New Discussion юеВ

Re: HPUX user secuirity

 
Chandrahasa s
Valued Contributor

тАО06-13-2011 11:52 PM

тАО06-13-2011 11:52 PM

HPUX user secuirity

Hi Masters,

We have recently changed user secuirity parameters in /etc/default/security
PASSWORD_MAXDAYS=60 to PASSWORD_MAXDAYS=30

But when I run command #logins -aox I am not finding this change has not updated to all users.

Requested to help on this.

Also please share info like from where "logins" command takes input.

Chan
0 Kudos
Reply
4 REPLIES 4
Matti_Kurkela
Honored Contributor

тАО06-14-2011 01:00 AM

тАО06-14-2011 01:00 AM

Re: HPUX user secuirity

The setting in /etc/default/security is only a system-wide default, for those users that don't have a custom password maximum age setting.

The user-specific custom setting (if set for a user) is stored along with the user's password:

- if you use Standard Mode (encrypted passwords in /etc/passwd), the password expiration can be encoded within the encrypted password string. If the password field includes a comma "," it indicates this encoding has been used. See "man 4 passwd" for details about this encoding.

- if you use Trusted System Mode, user-specific password expiration time is specified in the /tcb/files/auth/?/ as "u_exp" and/or "u_life". See "man prpwd" and/or "man modprpw" for more information.

- if you use shadow passwords, the user-specific expiration time is specified by the 5th field of the user record in the /etc/shadow file. See "man 4 shadow" for more information.

MK
MK
0 Kudos
Reply
Chandrahasa s
Valued Contributor

тАО06-14-2011 05:14 AM

тАО06-14-2011 05:14 AM

Re: HPUX user secuirity

Hi,

Other then /etc/default/security file option is there any command which can be used to set "password history depth" parameter.

Chan
0 Kudos
Reply
щ╗ЮчЗГ
Valued Contributor

тАО06-16-2011 05:13 AM

тАО06-16-2011 05:13 AM

Re: HPUX user secuirity

saludos chan,

is your system a trusted on? If yes, did you try /usr/lbin/modprpw command? You can view the information about a user through /usr/lbin/getprpw command.

If not trusted, there should be some option with the passwd command, or you can use SAM.

Man's mind, once stretched by a new idea, never regains its original dimensions
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО06-16-2011 06:40 AM

тАО06-16-2011 06:40 AM

Re: HPUX user secuirity

If you're using the new shadow password mode, you can make user-specific settings of PASSWORD_HISTORY_DEPTH with:

userdbset -u PASSWORD_HISTORY_DEPTH=

See "man userdbset".

If you're using Trusted System Mode, the system-wide setting in /etc/default/security is the only way to set PASSWORD_HISTORY_DEPTH.

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.