HPE Community
Operating System - HP-UX
1834454 Members
2377 Online
110067 Solutions
New Discussion

Re: password aging

 
M. Tariq Ayub
Regular Advisor

‎01-14-2004 01:56 PM

‎01-14-2004 01:56 PM

password aging

Hi,

i have 2 question regarding password aging

1. Can it be set for all user at a time. ie when new user is created he will automatically have the same policy.

2. Can i set message that will appear to a user 5/6 days before password expires.

Khashru
0 Kudos
Reply
5 REPLIES 5
Michael Tully
Honored Contributor

‎01-14-2004 02:07 PM

‎01-14-2004 02:07 PM

Re: password aging

You can set it system wide.
sam --> auditing and security --> system security policies --> password aging policies
or you can set it individually.
accounts for users --> users --pick you user --> actions --> modify security policy

As far as the warning is concerned, this in the system wide password aging policies and shown above. (password expiration warning time) which you can set to however many days you like.
Anyone for a Mutiny ?
0 Kudos
Reply
M. Tariq Ayub
Regular Advisor

‎01-14-2004 02:13 PM

‎01-14-2004 02:13 PM

Re: password aging

Hi,

i donot have trusted system. And i donot want to do that. In that case how can i set machine wide and also add message.

0 Kudos
Reply
Michael Tully
Honored Contributor

‎01-14-2004 02:35 PM

‎01-14-2004 02:35 PM

Re: password aging

As far as I know you can't set these policies without your system being trusted. Changing to trusted sets up a database for a variety of password aging functions.
The only aging you can use for passwords is time related and you cannot create warnings without writing a quite detailed script. See man 4 passwd for details on setting up the actual aging.
Anyone for a Mutiny ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-14-2004 02:56 PM

‎01-14-2004 02:56 PM

Re: password aging

You can set these passwords with the passwd command by running a script.


the variables are descriptive.

# passwd -r file -n $MINDAYS -x $MAXDAYS $user

How and when to trigger it, is your part of the job.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sunil Sharma_1
Honored Contributor

‎01-14-2004 05:35 PM

‎01-14-2004 05:35 PM

Re: password aging

Hi,

Yes, you can do it, if you are running on HP UX 11i and installed a additional product called HP ShadowPassword Bundle.

It will add 3 parameters in /etc/default/security file which can be used to acheive it. after installing this /etc/passwd file will not have encrypted password, these will be moved to /etc/shadow file.

it can be done without converting system into trusted mode.

read this for more info

http://newfdawg.com/SecBook-2.4.1.htm

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.