HPE Community
Operating System - HP-UX
1834817 Members
2627 Online
110070 Solutions
New Discussion

password expiry notification

 
SOLVED
Go to solution
Stan PIetkiewicz_1
Occasional Advisor

‎06-28-2004 07:47 AM

‎06-28-2004 07:47 AM

password expiry notification

HP-UX 11.0 on Nclass - set password notification in SAM to 10 days but users are NOT being notified until their passwd expires. Checked and the setting in 'system security policy - password aging policy' is for 10days - any idea what might be preventing the warning from being generated according to the setting?
It is statistically possible that my opinion is the same as someone else's, but it is still my opinion.
0 Kudos
Reply
7 REPLIES 7
RAC_1
Honored Contributor

‎06-28-2004 08:01 AM

‎06-28-2004 08:01 AM

Re: password expiry notification

Are you in trusted mode?? It is good to convert to trusted mode. IT offers lot of other security related features.

/usr/lbin/modprpw -m expwarn "user_name"

If not then you will have to do some scripting.

passwd -sa to get the information about when it is expiring and then calculating how many are remaining and sending an email.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Sundar_7
Honored Contributor

‎06-28-2004 09:00 AM

‎06-28-2004 09:00 AM

Solution

Re: password expiry notification

I believe password expiry warning is only possible in trusted system.

If you already have your system trusted then set this system wide password aging warning policy using modprdef

/usr/lbin/modprdef -m expwarn=5

Your users will receive a mail 5 days prior to the password expiry date.

Learn What to do ,How to do and more importantly When to do ?
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-28-2004 09:25 AM

‎06-28-2004 09:25 AM

Re: password expiry notification

Hi Colin,

Only users on the trusted systems will be notified on password expiry including their last successful/unsuccessful logins. Sometimes it may scroll so fast that you may not see the message during the login.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎06-29-2004 01:32 AM

‎06-29-2004 01:32 AM

Re: password expiry notification

If you use "PAM" (see man pam) and the server you validate against has password expiraration, login will honor it as well as force password change on next login.

HTH

-- Rod Hills
There be dragons...
0 Kudos
Reply
Stan PIetkiewicz_1
Occasional Advisor

‎06-29-2004 01:51 AM

‎06-29-2004 01:51 AM

Re: password expiry notification

Thanks for the suggestions ... not even a man page on modprdef. Did go ahead with the setting to 10 but still wonder why SAM did not work it. We are on trusted. Maybe SAM patch?

will be testing the setting to see if it works now.
It is statistically possible that my opinion is the same as someone else's, but it is still my opinion.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎06-29-2004 02:41 AM

‎06-29-2004 02:41 AM

Re: password expiry notification

Hi Colin,

modprdef is one of the backend commands used by SAM - these are rarely documented as they are intended to be used only by SAM, but they can prove useful.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Sundar_7
Honored Contributor

‎06-29-2004 05:55 AM

‎06-29-2004 05:55 AM

Re: password expiry notification

Colin,

modprpw and getprpw are documented in HP-UX 11i.

modprdef and getprdef are not documented even in 11i.

I am attaching the getprdef man page I received from some source.

HP will tell you this is not supported but it works and nobody wants to use SAM to set the custom password aging for selected set of 750 users :-).

Good luck

Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.