logonid is "Exceeded last login time" but I don't know why

Scott Lindstrom_2 · ‎06-11-2010

I have an ID in which we have all password aging disabled (that I know of) yet the ID still has the second lockout flat set (lockout=0100000).

Here is some relevant output:

#/usr/lbin/getprpw dpiadm
uid=4026, bootpw=NO, audid=85, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Tue Aug 11 10:17:09 2009, upwchg=-1, acctexp=-1, llog=-1,
expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Tue Aug 11 10:04:52 2009,
ulogint=-1, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=0, alock=NO, lockout=0100000

General User Account Policies:
Lock Inactive Accounts:
Enabled: Maximum time allowed between logins (days): 90 (<- though this should be overridden for this ID)

/tcb entry:

dpiadm:u_name=dpiadm:u_id#4026:\
:u_pwd=xxxxxxxxxxxxxxxx:\
:u_auditid#85:\
:u_auditflag#1:\
:u_minchg#0:u_exp#0:u_life#0:u_succhg#1250003829:\
:u_pw_expire_warning#0:u_suclog#1250003092:u_maxtries#0:u_lock@:\
:chkent:

#perl -e 'print scalar localtime(1250003092)'
Tue Aug 11 10:04:52 2009

What can possibly be set here that makes the ID set as "Exceeded last login time"?

TIA,
Scott

Matti_Kurkela · ‎06-11-2010

Once a lockout flag gets set on an account, it won't be unset by later changes to the password aging parameters for that account.

You must explicitly unlock the account to reset the flags and make the account usable again:

/usr/lbin/modprpw -k dpiadm

Also note that getprpw reports "llog=-1", i.e. the system-wide inactivity policy _is_ followed with this account. The equivalent /tcb entry key would be "u_llogin", which does not appear in the /tcb entry you posted.

To prevent this inactivity lock-out from happening again, use:

/usr/lbin/modprpw -m llog=0 dpiadm

MK

MK

Scott Lindstrom_2 · ‎06-11-2010

Matti - thank you for that great explanation!

Scott

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

logonid is &quot;Exceeded last login time&quot; but I don't know why

logonid is "Exceeded last login time" but I don't know why

Re: logonid is "Exceeded last login time" but I don't know why

Re: logonid is "Exceeded last login time" but I don't know why

logonid is "Exceeded last login time" but I don't know why