Operating System - HP-UX

password expiration message

 
Ray Brewer
Valued Contributor

password expiration message

I have a situation where users are not seeing the message "your password will expire...". We are running 11.0 and 11.11 systems that are trusted. What happens is that they will log in to a system and get the messages

Last successful login for : Thu Sep 19 16:20:27 PST8PDT 2002 on pts/3
Last unsuccessful login for : Tue Aug 27 05:46:52 PST8PDT 2002

then if their password is about to expire that message will appear, then immediately the copyright information will be displayed. I know that /etc/profile is doing a cat of /etc/copyright and I could just eliminate it (at least I don't think there is anything stopping me from doing so) but what I would like to do is find some way to display the "password is expiring" message after the copyright info and right before the shell prompt. I would also like to possibly force the user to acknowledge the message and/or give them the ability to change their password at that time. Any thoughts?
Patrick Chim
Trusted Contributor

Re: password expiration message

Hi,

Have you set the "Password Expiration Warning Time (days)" ?

You can go to
SAM -> Auditing and Security -> System Security Policies -> Password Aging Policies

When you enable "Password Aging", you can set the corresponding field. These are the default policies used when you create a user next time.

For an existing user, you can update that field by using 'passwd -w ...', or you can man passwd for more details!

Below is the message output when I enable that field:

HP-UX hostname B.11.11 U 9000/800 (ta)

login: root
Password:
Last successful login for root: Fri Sep 20 08:26:35 EAT-8 2002 on pts/ta
Last unsuccessful login for root: Sun Jun 30 16:56:13 EAT-8 2002
Your password will expire on Tue Sep 24 16:08:41 EAT-8 2002

Please wait...checking for disk quotas
Value of TERM has been set to "vt100".
WARNING: YOU ARE SUPERUSER !!

root@hostname:/ *)
>

Regards,
Patrick
Bill Hassell
Honored Contributor
Solution

Re: password expiration message

The second thing I change in /etc/profile is the copyright message. (the first is mandatory: add umask 022) Change the line with copyright to something like:

echo "To read copyrights: cat /etc/copyright"

Now the requisite copyright notice has been displayed. That reduces login clutter. Now the passwd command has been significantly enhanced for 11.0 and up. The passwd -s option is something you can use to decode some of the expiration options. Check out the others.

Another option is to look at the man page for getprpw (missing at 11.0, there at 11.11) or read it at docs.hp.com. The -m option allows you to retrieve all the Trusted info for a specific user.


Bill Hassell, sysadmin
Ray Brewer
Valued Contributor

Re: password expiration message

Patrick,

Yes, I have the "password expiration warning time" set. Sorry I wasn't clear on that. What is happening is the user gets the message but it scrolls off the screen so fast because the copyright info gets displayed. Therefore they never get the chance to read it, and in certain cases their accounts get disabled. What we need to do is make sure the user gets to see the message. Again, sorry I wasn't clear on that point.

Bill,

Thanks for your suggestions, I will look into them.
Sridhar Bhaskarla
Honored Contributor

Re: password expiration message

Hi,

If it is not too annoying for them, put a "sleep n" at the beginning of /etc/profile.
This will keep your expiration message for n seconds and then display the rest of it.

You can be more specific, put a statement like this in /etc/profile in the beginning.

echo "press any key to return"
read

Also, you can run getprpw command against the user and write a script and put it in profile if you want to customize it.


-Sri

You may be disappointed if you fail, but you are doomed if you don't try
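
An added example, not written by any poster in this thread: a POSIX sh fragment for the end of /etc/profile that combines the one-line copyright pointer and the "read" pause suggested above with the acknowledgement and password-change prompt asked for in the original question. The function names are hypothetical, and the terminal check is an addition so that non-interactive sessions are not left waiting on the prompt.

```shell
# Added example for the end of /etc/profile (POSIX sh).
# Function names are hypothetical, not part of HP-UX.

# Return 0 if the reply means "yes, change my password now".
wants_passwd_change() {
    case "$1" in
        [yY]|[yY][eE][sS]) return 0 ;;
        *) return 1 ;;
    esac
}

# Pause so the messages printed by login (including
# "Your password will expire on ...") stay on screen, then offer passwd.
# Returns 0 = acknowledged, 2 = skipped because the session is not interactive.
login_ack() {
    # Never block batch or non-terminal sessions: without a terminal on
    # both stdin and stdout, a bare read would stall the login.
    if [ ! -t 0 ] || [ ! -t 1 ]; then
        return 2
    fi
    # One line in place of "cat /etc/copyright", so nothing scrolls away.
    echo "To read copyrights: cat /etc/copyright"
    echo "Check the lines above for a password expiration warning."
    printf "Change your password now? [y/N] "
    # End of input (for example a dropped connection) counts as "no".
    read answer || answer=""
    if wants_passwd_change "$answer"; then
        passwd    # no arguments: changes the invoking user's own password
    fi
    return 0
}

# In /etc/profile, call it last, after everything else has printed:
# login_ack
```
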