HPE Community
Operating System - HP-UX
1819803 Members
3167 Online
109607 Solutions
New Discussion юеВ

passwd never expire

 
Christina_27
New Member

тАО09-06-2005 03:00 PM

тАО09-06-2005 03:00 PM

passwd never expire

Hi,

I need to disable password expiry for one HP-UX user account without using SAM.
Does below syntax work and any side effect ?
passwd -x 0

I see another post of suggesting using of modprpw. Is there any side effect and risk of
corrupting the database as said in MAN page?

B. Rgds
0 Kudos
Reply
7 REPLIES 7
Con O'Kelly
Honored Contributor

тАО09-06-2005 03:10 PM

тАО09-06-2005 03:10 PM

Re: passwd never expire

Hi Christina

Use the following command to disable password aging and account expiry for an individual user:

/usr/lbin/modprpw -m exptm=0,lftm=0,mintm=0,expwarn=0,llog=0

Cheers
Con
0 Kudos
Reply
morganelan
Trusted Contributor

тАО09-07-2005 12:01 AM

тАО09-07-2005 12:01 AM

Re: passwd never expire

I think using sam will be better than using command line.passwd -x 0 command work at certain extent but your password option still not change to No Restriction (Normal behaviour), this command will choose Allow only Super User to Change Password.modprpw is a command to modify protected password database
on trusted system.You must aware about your system: trusted or non-trusted?
Kamal Mirdad
0 Kudos
Reply
Christina_27
New Member

тАО09-12-2005 06:07 PM

тАО09-12-2005 06:07 PM

Re: passwd never expire

Thanks Con and Moqanelan !

My system is not trusted system. Can I use modprpw ?

We could not use SAM, because it has some unexpected behaviour. However we could not add the patch because of some other reasons.

B. Rgds
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО09-12-2005 06:15 PM

тАО09-12-2005 06:15 PM

Re: passwd never expire

modprpw is only for trusted systems. I amnot sure how you do this using a command but if you edit your /etc/passwd file, you will see a sequence of characters making up encrypted password followed by ,XX where XX stands for two alphanumerical characters. If you happen to delete these last 3 characters from the encrypted password field in this file, you will effectively remove the password aging. A caveat emptor, there might be scripts running out of cron, re-establishing password expiration which may nullify what you do by eliminating those 3 characters.

HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Ivajlo Yanakiev
Respected Contributor

тАО09-12-2005 07:24 PM

тАО09-12-2005 07:24 PM

Re: passwd never expire

I thinks that in non trust mod you can not set
password expiry for one HP-UX user account.
This is possible only in trust mode.
0 Kudos
Reply
john kingsley
Honored Contributor

тАО09-13-2005 12:39 AM

тАО09-13-2005 12:39 AM

Re: passwd never expire

If your system is not trusted, it will not support account locking. However, password aging -- forcing users to change passwords after a fixed amount of time -- is supported on non-trusted systems. The easiest way to disable aging on a user account is to remove the aging fields from the end of the encrypted password using vipw. If aging is setup, there will be 5 extra characters at the end of the password field:

:XXXXXXXXXXXXX,MNLL:
,MNLL is the password aging field.
M - Max life of the password
N - Min life of the password
LL - Date password was last changed

The values in these fields are in base-64, so the easies way to view the real values is with "passwd -s -a" or "logins -x -l".

To disable password aging, just delete the ",MNLL" from the end of the password field.
0 Kudos
Reply
DCE
Honored Contributor

тАО09-13-2005 01:09 AM

тАО09-13-2005 01:09 AM

Re: passwd never expire

Chrtina,

John hit the nail on the head. Edit the passwd file and remove the comma and subsequent characters in the coded field.
I have used this method many times without any issues.

Dave
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.