
Password Lifetime setting = Expiration of all passwords

 
jeff rowland
Occasional Contributor

Password Lifetime setting = Expiration of all passwords

Trying to figure out the command to make a global change to the password lifetime setting
Presently running HPUX 11.0 on a HP9000/879.

System DBA is away from office next few days and all of a sudden today all users' accounts on the computer have been deactivated with no warning to users that they must change their password. Only way can let users back on system is to reactivate account and change their password.

From what I have been able to find out the settings for passwords are as follows:
Time between password changes = 20 days
Password Expiration time in days = 120 days
Password Expiration warning time = 20 days
Password Life Time Days = 120 days.

Logic says that the Password Life Time setting has been reached.
Need your help and input to correct.
THANKS!!
You can Tune a Piano but you can't tuna fish
Kofi ARTHIABAH
Honored Contributor
Solution

Re: Password Lifetime setting = Expiration of all passwords

Jeff:

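If I understand your question, you want to be able to globally change passwd expiration dates. Here is a script that would do it for you:

#!/bin/sh
#
# Set the maximum password age (in days) for every account listed by logins.
daystoexpire=203
# print (not printf) so each login name comes out on its own line
for user in `/usr/sbin/logins | /usr/bin/awk '{ print $1 }'`
do
    # -x sets the maximum number of days the password stays valid
    passwd -x "$daystoexpire" "$user"
done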

Modify according to your needs.

Good luck
nothing wrong with me that a few lines of code cannot fix!
federico_3
Honored Contributor

Re: Password Lifetime setting = Expiration of all passwords



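In order to set the password expiration, the number of days before the password expires at which the user will be notified that he has to change the password, the minimum number of days that must pass before changing the password, and so on (see man passwd for the options), do:

#!/bin/ksh
# min, warn and days are placeholders for the values you want (see man passwd);
# here they are taken from the three script arguments.
min=$1 warn=$2 days=$3

for user in `awk -F : '{print $1}' /etc/passwd`
do
    # -n minimum days between changes, -w warning days, -x maximum days
    passwd -n "$min" -w "$warn" -x "$days" "$user"
done

I hope this helps!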


federico
Chris Garman
Frequent Advisor

Re: Password Lifetime setting = Expiration of all passwords

Jeff,

I agree that a password reaching its lifetime would do this, but it is surprising that every password became 120 days old at the same time, making me suspect there could be another cause.

One explanation could be corruption within the tcb that stores the authentication.

To begin diagnosis, please select two accounts that have expired and run:
/usr/lbin/getprpw
and post the output.
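
Added example, not part of the thread: a shell helper that decodes the `lockout` bit string in getprpw output, which separates "past password lifetime" from an admin lock or a failed-login lockout when diagnosing a mass deactivation like this one. The sample lines are constructed, the function name is hypothetical, and the bit order is an assumption taken from getprpw(1M) that should be confirmed on your release.

```shell
#!/bin/sh
# Decode the 7-character "lockout" bit string from getprpw output.
# Bit order (left to right) is assumed from getprpw(1M); verify locally.

decode_lockout() {
    # $1: one getprpw output line, e.g. "uid=101, ..., lockout=1000000"
    bits=$(printf '%s\n' "$1" | sed -n 's/.*lockout=\([01]\{7\}\).*/\1/p')
    [ -n "$bits" ] || { echo "no lockout field"; return 1; }
    reasons=""
    i=1
    for label in \
        "past password lifetime" \
        "past last login time (inactive)" \
        "past absolute account lifetime" \
        "too many failed logins" \
        "null password not allowed" \
        "admin lock" \
        "password is *"
    do
        bit=$(printf '%s' "$bits" | cut -c "$i")
        if [ "$bit" = "1" ]; then
            # Join multiple reasons with "; "
            reasons="${reasons:+$reasons; }$label"
        fi
        i=$((i + 1))
    done
    echo "${reasons:-not locked}"
}

# Constructed sample lines (not real output from any system).
sample_a='uid=101, mintm=20, exptm=120, lftm=120, expwarn=20, lockout=1000000'
sample_b='uid=102, mintm=20, exptm=120, lftm=120, expwarn=20, lockout=0001010'
sample_c='uid=103, lockout=0000000'
for s in "$sample_a" "$sample_b" "$sample_c"; do
    decode_lockout "$s"
done
# On a trusted system, feed it real output instead, for example:
#   decode_lockout "$(/usr/lbin/getprpw username)"
```

If every affected account shows only the first bit set, the lifetime setting is the cause; a spread of different bits points elsewhere.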

Troy E. Miles
Advisor

Re: Password Lifetime setting = Expiration of all passwords

I hope someone is still looking at this chain.

If you change the setting for each user individually, does that supersede the default server settings?

Sridhar Bhaskarla
Honored Contributor

Re: Password Lifetime setting = Expiration of all passwords

Hi Troy,

Yes. You are correct. So, if you make any changes to the system defaults later, the users that got the setting altered will not be affected. However, unconverting and converting the system will change the users back to use the default system values and you will need to change system defaults again, of course.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Jakes Louw
Trusted Contributor

Re: Password Lifetime setting = Expiration of all passwords

A call to "modprpw -E" will expire all user passwords.
Check cron (crontab -l or look in /var/adm/cron/log) for any jobs that ran at that time & date. Could be this was planned......
Trying is the first step to failure - Homer Simpson
Troy E. Miles
Advisor

Re: Password Lifetime setting = Expiration of all passwords

Is there a command to reset password aging to 0 or "unexpire" passwords? I have several Trusted servers that are not using password aging. I want to enable password aging, but not require users to change password. Is that possible? I've been looking at modprpw, but I think I'm missing something.
Jakes Louw
Trusted Contributor

Re: Password Lifetime setting = Expiration of all passwords

Use the -m options:

modprpw -m exptm=120 -m acctexp=120 username

But this is not a global setting, so you're going to have to awk the /etc/passwd file to get the usernames, or else set up a list of names in a file, and perform a "for x in .....do modprpw....done".

Trying is the first step to failure - Homer Simpson
Troy E. Miles
Advisor

Re: Password Lifetime setting = Expiration of all passwords

I tried modprpw -V. Has anyone else used this command?
Jakes Louw
Trusted Contributor

Re: Password Lifetime setting = Expiration of all passwords

Yes, I've used "modprpw -V", but this only resets the password aging counter to 0, just as if the password had just been changed. But it DOESN'T actually reset the password.
Trying is the first step to failure - Homer Simpson