HPE Community
Operating System - HP-UX
1823089 Members
3219 Online
109646 Solutions
New Discussion юеВ

Password expiration on untrusted systems

 
SOLVED
Go to solution
Gerald Virden
Advisor

тАО01-27-2004 04:57 AM

тАО01-27-2004 04:57 AM

Password expiration on untrusted systems

Hi all,
I read most of the forum messages on this issue but I haven't found info on when current passwords will expire once expiration begins. For example, will passwords expire in (for instance) 90 days once expiration is set on the system or would passwords expire for each user after 90 days since their last password change?
0 Kudos
Reply
6 REPLIES 6
Uday_S_Ankolekar
Honored Contributor

тАО01-27-2004 05:03 AM

тАО01-27-2004 05:03 AM

Re: Password expiration on untrusted systems

The minimum time of a password specifies the minimum time
required between password changes. This prevents users from
changing their password and then changing it back immediately
to avoid memorizing a new password.

The expiration time of a password specifies a time after which
a user must change the password at login.

The warning time specifies the time before expiration when a
warning will be issued.

The lifetime of a password specifies the time at which the account
associated with the password is locked if the password is not
changed. Once an account is locked, only the system administrator
can unlock it. Once unlocked, the password must still be changed
before the user can log into the account.

The expiration time and lifetime values are reset when a password
is changed. A lifetime of zero specifies no password aging; in this
case, the other password aging times have no effect.

This is from KB...

-USA..

Good Luck..
0 Kudos
Reply
David Burgess
Esteemed Contributor

тАО01-27-2004 05:05 AM

тАО01-27-2004 05:05 AM

Re: Password expiration on untrusted systems

Hi,

Take a look at the man page for useradd. The -e option specifies the expire time.

Also take a look at /etc/default/useradd which as it suggests is the defaults file for useradd values.

I think that's the only option outside of a trusted system.

Regards,

Dave.
0 Kudos
Reply
Helen French
Honored Contributor

тАО01-27-2004 05:09 AM

тАО01-27-2004 05:09 AM

Solution

Re: Password expiration on untrusted systems

After you set the password aging, the system will ask for a password change on the next login and then it will calculate the time from that point.

Read the man page for passwd for more details.
Life is a promise, fulfill it!
Reply
Steven E. Protter
Exalted Contributor

тАО01-27-2004 05:18 AM

тАО01-27-2004 05:18 AM

Re: Password expiration on untrusted systems

# passwd -r file -n $MINDAYS -x $MAXDAYS $user

this command lets you manipulate after the user is created.


The variable names are self explanatory.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО01-27-2004 06:05 AM

тАО01-27-2004 06:05 AM

Re: Password expiration on untrusted systems

The expiration is relative to the last passwd change. By the way, an expiration of 90 days cannot be set on an untrusted system. Because of the way the data is actually stored, the granularity is weeks not days so that 90 days would actually round up to the next whole week.
If it ain't broke, I can fix that.
0 Kudos
Reply
Gerald Virden
Advisor

тАО01-27-2004 06:19 AM

тАО01-27-2004 06:19 AM

Re: Password expiration on untrusted systems

Thanks all for your help.
David- I am able to set min max warn from a command line using passwd in an untrusted system. However I am using Shadow Password which may allow that to happen. There is also the option with Shadow Passwords to modify the /etc/defaults/security file and assign specific days to variables for min max warn and others.

Shiju- It looks like the real answer to my question is that when password expiration is implemented, the count starts from that point. Unless I passwd -f it will not require the users to change their password.

For example
$ passwd -s jvirden
jvirden PS 01/27/04 7 14 7

This shows after I issued the command
$ passwd -n 1 -w 2 -x 14 jvirden
that password expiration was started on the date I issued the command and as expected the numbers were rounded to the nearest week. I was not asked to change the password when I logged in.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.