Re: Password Lifetime setting = Expiration of all passwords

jeff rowland · ‎10-04-2000

Trying to figure out the command to make a global change to the password lifetime setting
Presently running HPUX 11.0 on a HP9000/879.

System DBA is away from office next few days and all of a sudden today all
use'sr accounst on the computer have been deactivated with no warning to user that they must change their password. Only way can let users back
on system is to reactivate account and change their password.

From what I have been able to find out the settings for passwords are as follows:
Time between password changes = 20 days
Password Expiration time in days = 120 days
Password Expiration warning time = 20 days
Password Life Time Days = 120 days.

Logic says that the Password Life Time setting has been reached.
Need your help and input to correct.
THANKS!!

You can Tune a Piano but you can't tuna fish

Kofi ARTHIABAH · ‎10-04-2000

Jeff:

If I understand your question, you want to be able to globally change passwd expiration dates. here is a script that would do it for you:

#!/bin/sh
#
daystoexpire=203
for user in `/usr/sbin/logins | /usr/bin/awk '{ printf $1}'`
do
passwd -x $daystoexpire $user
done

modify according to your needs.

Good luck

nothing wrong with me that a few lines of code cannot fix!

federico_3 · ‎10-05-2000

In order to change to set the password expirations, the number of days to the password expiring when the user will be notified that he has to change the password and the minimum number of days that must pass before changing the password and ...... ( man passwd for the options )
do

#!/bin/ksh

for user in `cat /etc/passwd | awk -F : '{print $1}'`
do
passwd -n min -w warm -x days $user
done

i hope this helps!

federico

Chris Garman · ‎10-05-2000

Jeff,

I agree that a password reaching its lifetime would do this, but it is surprising that every password became 120 days old at the same time, making me suspect there could be another cause.

One explaination could be corruption within the tcb that stores the authentication.

To begin diagnosis, please select two accounts that have expired and run:
/usr/lbin/getprpw
and post the output.

Troy E. Miles · ‎03-01-2004

I hope someone is still looking at this chain.

If you change the setting for each user individually, does that supercede the default server settings?

Sridhar Bhaskarla · ‎03-01-2004

Hi Troy,

Yes. You are correct. So, if you make any changes to the system defaults later, the users that got the setting altered will not be affected. However, uncoverting and converting the system will change the users back to use the default system values and you will need to change system defaults again ofcourse.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Jakes Louw · ‎03-01-2004

A call to "modprpw -E" will expire all user passwords.
Check cron (crobtab -l or look in /var/adm/cron/log) for any jobs that ran at that time & date. Could be this was planned......

Trying is the first step to failure - Homer Simpson

Troy E. Miles · ‎03-02-2004

Is there a command to reset password aging to 0 or "unexpire" passwords. I have several Trusted servers that are not using password aging. I want to enable password aging, but not require users to change password. Is that possible? I've been looking at modprpw, but I think I'm missing something.

Jakes Louw · ‎03-02-2004

Use the -m options:

modprpw -m exptm=120 -m acctexp=120 username

But this is not a global setting, so you're going to have to awk the /etc/passwd file to get the usernames, or else set up a list of names in a file, and perform a "for x in .....do modprpw....done".

Trying is the first step to failure - Homer Simpson

Troy E. Miles · ‎03-18-2004

I tried modprpw -V. Has anyone else used this command?

Jakes Louw · ‎03-18-2004

Yes, I've used "modprpw -V", but this only resets the password aging counter to 0, just as if the password had just been changed. But it DOESN'T actually reset the password.

Trying is the first step to failure - Homer Simpson

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Password Lifetime setting = Expiration of all passwords

Password Lifetime setting = Expiration of all passwords