
Re: passwd ageing

 
Animesh Chakraborty
Honored Contributor

passwd ageing

Hi All,
How can I set passwd ageing?
Is converting to a trusted system a must?


Thanks in advance
Animesh
Did you take a backup?
8 REPLIES
Philip Chan_1
Respected Contributor

Re: passwd ageing

Yes, you must convert to trusted mode to have password ageing functionality.

Once your system has been converted to trusted mode, enter SAM -> System Security Policy and you'll see the password ageing menu there.

~Philip
federico_3
Honored Contributor

Re: passwd ageing

It's not necessary to activate the trusted mode to use password aging.
Go to SAM -> when you are defining a user, set the password aging from "set password option".

Federico
Philip Chan_1
Respected Contributor

Re: passwd ageing

Oops! Federico is right. You can have password ageing on a per-user basis without converting to a trusted system.
Pete Ellis
Trusted Contributor

Re: passwd ageing

Look at the passwd man page; the -n and -x options allow you to set a min and max password life per user. Also, -w allows a warn time.
Animesh Chakraborty
Honored Contributor

Re: passwd ageing

Hi Federico,
Yes, I can set the passwd ageing, but I need to do it one by one for all users. I have got a lot of existing users in my system. If I convert to a trusted system, do I need to modify them one by one?
Will converting to a trusted system lead to any problems, especially with MC/ServiceGuard?
Did you take a backup?
Steven Sim Kok Leong
Honored Contributor

Re: passwd ageing

Hi,

If you are using SAM, you still have to highlight each user account and change the user password one by one in a trusted system. However, for new users, you can make use of "User Templates" in SAM to customize the password expiration time for new users.

If you are using the command line, you can write a script that calls passwd -x:
==
#!/sbin/sh

# Set a maximum password age of 27 days for every account in /etc/passwd.
for user in `cut -d: -f1 /etc/passwd`
do
    passwd -x 27 "$user"
done
==

The -x option allows you to determine the maximum number of days, max, a password can remain unchanged. The user must enter another password after that number of days has transpired, known as the password expiration time.

I am running Trusted Systems with all my MC/ServiceGuard clusters. I have not encountered any problems.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Kevin Wright
Honored Contributor
Solution

Re: passwd ageing

I just wrote a script to do the exact same thing on 6 boxes... maybe this will help.
#!/bin/ksh
# This script will change the password expiration time
# for all users on the system.

# User names are read straight from /etc/passwd; a fixed file name
# under /tmp is avoided because the script runs as root.
for user in `awk -F: '{print $1}' /etc/passwd`
do
    /sbin/passwd -x 60 "$user"
    echo "changing expiration time for $user to 60 days"
done
Bruce Regittko_1
Esteemed Contributor

Re: passwd ageing

Hi,

A few comments about passwd options and scripts.

1. The -w (warn) option only works on trusted systems.

2. If the -n (min) option is not specified, it is set to 0. This means that a user could be forced to change their password, wait 2 minutes, and change it back.

3. On non-trusted systems, the value of -x and -n is rounded up to the nearest week. Thus, -x 60 is effectively 63, which is 9 weeks.

For more information, see the man page for passwd(1).

--Bruce
www.stratech.com/training
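
An added example, not part of any post in this thread: a dry-run planner in POSIX sh that applies the points above about -n defaulting to 0 and -x/-n being rounded up to whole weeks on non-trusted systems. It only prints the passwd commands it would run; the UID cut-off of 100, the function names and the sample passwd lines are assumptions made for illustration.

```sh
#!/bin/sh
# Dry-run planner for per-user password aging on a non-trusted system.
# It prints passwd commands for review; it never changes an account.

# Round a day count up to whole weeks, the way the thread describes
# passwd treating -x and -n on non-trusted systems (60 -> 63).
round_up_to_weeks() {
    echo $(( ($1 + 6) / 7 * 7 ))
}

# Read passwd-format lines on stdin, print one passwd command per account.
# $1 = max days, $2 = min days, $3 = lowest UID to touch (assumed cut-off
# that leaves root and other system accounts alone).
plan_aging() {
    max=$(round_up_to_weeks "$1")
    min=$(round_up_to_weeks "$2")
    if [ "$min" -gt "$max" ]; then
        echo "effective min ($min days) exceeds effective max ($max days)" >&2
        return 1
    fi
    # An explicit -n closes the gap where min defaults to 0 and a user
    # can change a password and immediately change it back.
    awk -F: -v max="$max" -v min="$min" -v lo="$3" '
        $1 != "" && $3 + 0 >= lo {
            printf "passwd -n %d -x %d %s\n", min, max, $1
        }'
}

# Constructed sample input, not taken from a real system.
SAMPLE='root:HASH:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
alice:HASH:101:20::/home/alice:/usr/bin/sh
bob:HASH:102:20::/home/bob:/usr/bin/ksh'

# Requested: max 60 days, min 1 day. Effective: max 63, min 7.
printf '%s\n' "$SAMPLE" | plan_aging 60 1 100
```

Review the printed commands, then feed the real /etc/passwd to plan_aging and run the output as root once the values look right.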