HPE Community
Operating System - HP-UX
1836648 Members
2007 Online
110102 Solutions
New Discussion

Password change message

 
SOLVED
Go to solution
Marty Metras
Super Advisor

‎02-06-2004 06:52 AM

‎02-06-2004 06:52 AM

Password change message

We are not using a trusted system yet and I need to help my users remember how to create there pass words.

When users have to change there password they get these message.
I would like to change these message because the users need nore information.
Like the Rules are for the first 8 charaters.
They can not seem to remember after 90 days how to change there passwords.
Are these message some where I can easily change them?
May be I can do a work around.

Marty


------------------------------------------
"Your password has expired. Choose a new one
Changing password for metm
Old password:"
-------------------------------------------

When they messup they get this message:
---------------------------------------------------------
"Password too short - must be at least 6 characters
New password:
The password entered is not valid. Valid passwords must contain at least:
1 upper case character(s),
1 lower case character(s),
1 digit(s), and
0 special character(s)."
-----------------------------------------
The only thing that always remain the same are the changes.
0 Kudos
Reply
7 REPLIES 7
A. Clay Stephenson
Acclaimed Contributor

‎02-06-2004 07:03 AM

‎02-06-2004 07:03 AM

Re: Password change message

On a non-trusted system those rules and any user messages are "hard-coded" into the passwd command and cannot be changed. The solution is to make your own passwd command that can do anything you like. This was the common solution in the days before trusted systems. If you are a bit of a C programmer (or even Perl) this is not very difficult.


If it ain't broke, I can fix that.
Reply
Marty Metras
Super Advisor

‎02-06-2004 07:08 AM

‎02-06-2004 07:08 AM

Re: Password change message

Thanks Clay,
THat what it looked like to me. I had to ask.
I just change the /etc/issues file with a message or put some thing is the main profile and have a message popup a day or so before it time.

Thanks again.
Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-06-2004 07:27 AM

‎02-06-2004 07:27 AM

Re: Password change message

Hi,

I am not sure if I understood you message.

While you cannot change the actual text, you can adjust the values (like must be alteast 8 chars) by manipulating /etc/default/security file.

For ex., the following lines

PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1
PASSWORD_MIN_SPECIAL_CHARS=1
MIN_PASSWORD_LENGTH=8

Will display

Password too short - must be at least 8 characters

And

The password entered is not valid. Valid passwords must contain at least:
1 upper case character(s),
1 lower case charcter(s),
1 digit(s), and
1 special character(s).

That's the best you can get.

This is valid for only 11.0 (with patch) and above only. On 11i, you can get it without any patches.

'man 4 security' for more information.

You can force a user password to expire by using the command 'passwd -x'. However, it will not notify the user about the expiration in advance unlike in trusted systems.


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎02-06-2004 07:33 AM

‎02-06-2004 07:33 AM

Solution

Re: Password change message

Hi Marty,

Another option would be to put a wrapper around the /usr/bin/passwd file that would echo whatever msgs you want & then run the actual passwd command.
Since /sbin/passwd is not executable by normal users, we don't have to worry about their path, so just rename /usr/bin/passwd to passwd1, then create the /urs/bin/passwd script with:

echo "This is the first line...."
echo "This is the second line..."
echo "etc........."
/usr/bin/passwd1

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Marty Metras
Super Advisor

‎02-06-2004 07:36 AM

‎02-06-2004 07:36 AM

Re: Password change message

Thanks Sri

No problem with that. My problem is the Users.
I just got a reply from our ERP apps people. I have been waiting weeks for a reply from them.
It will run under a trusted system so veryly shortly I will be changing so this is not an issue any more.

Thanks for your input.
Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
Marty Metras
Super Advisor

‎02-06-2004 07:38 AM

‎02-06-2004 07:38 AM

Re: Password change message

Neet idea Jeff.

Marty
The only thing that always remain the same are the changes.
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎02-09-2004 04:24 AM

‎02-09-2004 04:24 AM

Re: Password change message

I generally agree with Jeff, but would like to add a few caveats.

Beware that if you use his idea as is, it will result in swverify errors and the change will be lost when passwd patches are installed.

Also, although Jeff's approach is safe/useful in many cases, in the specific case of passwd it can cause trouble. This is because the passwd binary has multiple links to it. Depending on the HP-UX release, the same binary may be used for passwd, nispasswd, yppasswd, chfn and chsh. When any of these commands is run, the code looks at the last component of the pathname of the binary that was invoked (argv[0]) and adjusts its behavior accordingly. So if you rename passwd to passwd1, for example, you may break this code. To avoid the risk of this type of problem it would be safer to save the original binary in some other directory, keeping the file name of 'passwd' (/usr/real_bin/passwd, for example) than to rename passwd to passwd1 in /usr/bin.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.