Password Aging on a non-trusted system

 
Smucker
Regular Advisor

Password Aging on a non-trusted system

I am looking into password aging on a non-trusted, non-shadow system (applications won't support these options).

This looks doable using the /etc/default/security file and updating the appropriate fields in the password file.

Has anyone done this? How did it go... any gotchas?
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: Password Aging on a non-trusted system

I used it for many years before there were shadow files and/or trusted systems. If you were running NIS, the standard aging was all you had. The password aging subfields have functioned well for decades. You really don't need anything in /etc/default/security because password aging was working long before this file ever existed. The only gotcha is that even though you set the age and min time between changes in days, the actual resolution is one week because of the way the data are encoded. The weeks start on Thursdays UTC because 1-Jan-1970 was a Thursday UTC.
If it ain't broke, I can fix that.
Uday_S_Ankolekar
Honored Contributor

Re: Password Aging on a non-trusted system

/etc/default/security file has parameters called PASSWORD_MINDAYS and PASSWORD_MAXDAYS for aging restrictions.

man security for more information

-USA..
Good Luck..
whiteknight
Honored Contributor

Re: Password Aging on a non-trusted system


Hi Smucker,

Here is the solution for you. Please try it out; I encourage you to use our Technical knowledge base.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01024352-2

Hope to receive 10 pts from you. ;-)

WK
Problem never ends, you must know how to fix it
Smucker
Regular Advisor

Re: Password Aging on a non-trusted system

Any ideas on a warning system for the user....
Ivan Krastev
Honored Contributor

Re: Password Aging on a non-trusted system

Set PASSWORD_WARNDAYS in /etc/default/security.

See this doc - http://docs.hp.com/en/B2355-60105/security.4.html


regards,
ivan
Steven E. Protter
Exalted Contributor

Re: Password Aging on a non-trusted system

Shalom,

/etc/default/security

Fully configurable. There is a man page on it and you can see the available features on that page.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Smucker
Regular Advisor

Re: Password Aging on a non-trusted system

Sorry, the WARN parameter works only with Shadow passwords.
A. Clay Stephenson
Acclaimed Contributor

Re: Password Aging on a non-trusted system

Since you didn't bother to identify your OS version, it's difficult to say what works on what version. The attached Perl script, pwwarn.pl, should work on any standard passwd system.

You don't even have to know any Perl.

pwwarn.pl mickey minnie pluto
would output:

mickey3
minnie0
pluto12

Indicating that user mickey, for example, has 3 weeks left before expiration.

Now, any child on the streets of Starkville should be able to leverage who, write or mail to determine that a warning needs to be sent and craft a shell script (or Perl script). It could be part of /etc/profile or it could be a job that is cron'ed. If cron'ed, you probably want a file that keeps up with who has been notified and when, because I would get rather annoyed if some stupid box told me every 20 minutes that I need to change my password. This script could also read /etc/default/security for a parameter whether the OS actually supports it or not.
If it ain't broke, I can fix that.
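
The aging subfields and one-week resolution described in the replies above can be decoded directly from the password field. The following is an added example, not the pwwarn.pl attached to the thread: the names pw_weeks_left and sample_passwd, the status words, the sample entries and the exact expiry boundary are assumptions, and the field layout follows passwd(4).

```shell
# Added example (not the pwwarn.pl from the thread). Decodes the aging subfield
# that follows the comma in field 2 of a classic /etc/passwd entry:
#   ,Mmww  M = max weeks, m = min weeks, ww = week of last change since 1970.
# Each character is a base-64 digit from "./0-9A-Za-z", least significant first.

# pw_weeks_left PASSWD_FILE|- [NOW_EPOCH_SECONDS]  (hypothetical helper name)
# Prints "user status": weeks left, or noaging / expired /
# force-change (M = m = 0) / root-only (m > M).
pw_weeks_left() {
    awk -F: -v now="$2" '
    BEGIN {
        digits = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
        if (now == "") { srand(); now = srand() }  # POSIX awk: seed = time of day
        week = int(now / 604800)                   # 7-day weeks since 1-Jan-1970 UTC
    }
    function a64(s,   i, v, p) {
        v = 0; p = 1
        for (i = 1; i <= length(s); i++) {
            v += (index(digits, substr(s, i, 1)) - 1) * p
            p *= 64
        }
        return v
    }
    {
        c = index($2, ",")
        if (c == 0) { print $1, "noaging"; next }
        age = substr($2, c + 1)
        max = a64(substr(age, 1, 1)); min = a64(substr(age, 2, 1))
        last = a64(substr(age, 3))                 # empty string decodes to week 0
        if (min > max)               status = "root-only"
        else if (max == 0)           status = "force-change"
        else if (week > last + max)  status = "expired"   # boundary is an assumption
        else                         status = last + max - week
        print $1, status
    }' "$1"
}

# Constructed sample entries (hashes are placeholders, not real crypt output).
sample_passwd() {
    cat <<'EOF'
mickey:xxCONSTRUCTED,3.sf:101:20::/home/mickey:/sbin/sh
minnie:xxCONSTRUCTED,0.sf:102:20::/home/minnie:/sbin/sh
pluto:xxCONSTRUCTED,C/sf:103:20::/home/pluto:/sbin/sh
goofy:xxCONSTRUCTED,0.kf:104:20::/home/goofy:/sbin/sh
donald:xxCONSTRUCTED:105:20::/home/donald:/sbin/sh
daisy:xxCONSTRUCTED,..:106:20::/home/daisy:/sbin/sh
huey:xxCONSTRUCTED,./:107:20::/home/huey:/sbin/sh
EOF
}
```

With the second argument omitted the current time is used; passing `-` as the file reads entries from standard input.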
Smucker
Regular Advisor

Re: Password Aging on a non-trusted system

Thanks, I will use the Perl program.