HPE Community
Operating System - HP-UX
1847704 Members
4598 Online
110265 Solutions
New Discussion

Re: password aging

 
Angela Swyers_1
Frequent Advisor

‎06-29-2004 04:38 AM

‎06-29-2004 04:38 AM

password aging

How do I turn on password aging for all my existing users without having to go into each one individually and change it?
0 Kudos
Reply
6 REPLIES 6
Mel Burslan
Honored Contributor

‎06-29-2004 04:51 AM

‎06-29-2004 04:51 AM

Re: password aging

There exists a utility called pwage and for the life of me I can not remember where it was right now. This utility modifies your encrypted password entry in the passwd file to change the password aging of any given user. By the word changing, I mean turns it on or off as well as determines the length of the expiration in the granulatrity of weeks.

If you can get your hands on this utility, the task you are looking into is a plain vanilla script, something like (on an untrusted system):

cat /etc/passwd | while read line
do
username=`echo line | cut -d: -f1`
pwage [necessary swithches] $username
done

I hope someone here can direct you where to find this neat utility. I used to use it daily in one of my old workplaces and did not make a copy of it on a tape (dang).
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎06-29-2004 04:52 AM

‎06-29-2004 04:52 AM

Re: password aging

Well, you really have to do this for each user but the answer is to write a simple script: Here is a quick example assuming that you only want to age passwds with UIDS >= 101

awk -F":" '{if (($3 + 0) >= 101) print $1}' < /etc/passwd | while read USR
do
echo "User: ${USR}"
passwd -x 90 -n 7 ${USR}
done

That will set the users' passwords to expire in 90 days (rounded to the nearest week) and require 7 days to pass before a passwd can be changed. You could also add a -f to force all passwd to be expired so that the users would need to change passwords upon the next login.
If it ain't broke, I can fix that.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-29-2004 04:56 AM

‎06-29-2004 04:56 AM

Re: password aging

You can do it with sam

sam

accounts and users

accounts

pick the account

modify user

There is a dialog to turn off aging

This is automated as follows:
passwd -x max 0
passwd -x min 0

This turns off aging.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sundar_7
Honored Contributor

‎06-29-2004 06:06 AM

‎06-29-2004 06:06 AM

Re: password aging

you will have to mention if it is a trusted system or not ?

passwd with -x option will do for a system that is not trusted

if your system is trusted then it is much easier.

/usr/lbin/modprdef -m exptm=90,expwarn=10,mintm=10

exptm - Password expiry time in days
expwarn - Password expiry warning
mintm - Minimum time between password changes

but remember, in trusted system if you enable password aging and if the user has not changed their password in the last "exptm" days then their password will be expired. Worst if you have password lifetime set for the accounts, your user account will be disabled if they havent changed their password in "lftm" days.

if you want the password aging to start counting the days from today then

# /usr/lbin/modprpw -V

The above command will reset the last successful password change time to the current time.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Stan PIetkiewicz_1
Occasional Advisor

‎06-29-2004 06:15 AM

‎06-29-2004 06:15 AM

Re: password aging

I used ...

SAM

Auditing and Security

System Security Policies

Password Aging Policies and others there for terminal settings etc.
It is statistically possible that my opinion is the same as someone else's, but it is still my opinion.
0 Kudos
Reply
Nick D'Angelo
Super Advisor

‎04-21-2005 06:04 AM

‎04-21-2005 06:04 AM

Re: password aging

Some points for the answers would be appreciated.
Always learning
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.