HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Password Aging Policy in a trusted system
Operating System - HP-UX
1834165
Members
2004
Online
110064
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2003 02:42 PM
11-18-2003 02:42 PM
Hi
I have a question here.
In a trusted system environment, if an ID , say IDA is disabled because of password aging policy. Can you actually login using another id, say IDB (not disabled) and use the 'su' command to log into the system as IDA?
Please help and advise
REgards
Joyce
I have a question here.
In a trusted system environment, if an ID , say IDA is disabled because of password aging policy. Can you actually login using another id, say IDB (not disabled) and use the 'su' command to log into the system as IDA?
Please help and advise
REgards
Joyce
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2003 02:53 PM
11-18-2003 02:53 PM
Solution
Nope. That wouldn't be very secure if it worked would it? Only root can change a disabled or deactivated user account. If this is a pain to do and you need help, do NOT give the root password to anyone. Instead, get a copy of sudo and setup a very restricted use of thew special SAM command /usr/lbin/modprpw. Otherwise, look at restricted SAM to allow some users limited access to SAM's features.
Bill Hassell, sysadmin
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2003 03:02 PM
11-18-2003 03:02 PM
Re: Password Aging Policy in a trusted system
Yes you can login to the user whose accounts password has aged, when you login it will ask you to change the password. But you still can not su by another user, you'll have login as himself, change the password then it will work.
If the account is inactive then you can not login as another ID also.
If the absolute account life time has expired then also you can not login as nother ID
If the account is inactive then you can not login as another ID also.
If the absolute account life time has expired then also you can not login as nother ID
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2003 03:13 PM
11-18-2003 03:13 PM
Re: Password Aging Policy in a trusted system
There are 4 parameters in the password aging of trusted systems,
Time Between Password Changes
Password Expiration Time
Expiration Warning Time
Password Life Time
The account is disabled only when the password life time is crossed and the root user has to enable the account.
If the account is disabled you cannot login or do a su.That user is not accessible.
Meanwhile if the scenario is different like the user account is not disabled i.e not crossed the password life time then a password change is required for the user.Still only the super user can 'su' to that user and normal users cannot do that as the password is expired and requires a fresh one.
Time Between Password Changes
Password Expiration Time
Expiration Warning Time
Password Life Time
The account is disabled only when the password life time is crossed and the root user has to enable the account.
If the account is disabled you cannot login or do a su.That user is not accessible.
Meanwhile if the scenario is different like the user account is not disabled i.e not crossed the password life time then a password change is required for the user.Still only the super user can 'su' to that user and normal users cannot do that as the password is expired and requires a fresh one.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP