HPE Community
Operating System - HP-UX
1833767 Members
2602 Online
110063 Solutions
New Discussion

Password

 
SOLVED
Go to solution
Peter Young_4
Advisor

‎08-12-2004 02:24 AM

‎08-12-2004 02:24 AM

Password

We are running HP-UX11i on an rp8420. I need to find out who changed a password for a particular user and at what time. Are there any logs which may provide me with this information?
0 Kudos
Reply
7 REPLIES 7
Pete Randall
Outstanding Contributor

‎08-12-2004 02:26 AM

‎08-12-2004 02:26 AM

Re: Password

Peter,

The only people that can change the password would be the user themselves or root. To the best of my knowledge this information is not logged anywhere and, even if it was, you would not necessarily know who was logged in as root.

I would suggest that you query anyone who has access to the root password.


Pete

Pete
0 Kudos
Reply
RAC_1
Honored Contributor

‎08-12-2004 02:35 AM

‎08-12-2004 02:35 AM

Solution

Re: Password

If system is in trusted mode the time of last successful password change can be known.

/usr/lbin/getprpw -m spwchg "user_name"

On non-trusted systems,

passwd -sa, should give you something.

It is not possible to know who changed it - root or user himself.

Anil
There is no substitute to HARDWORK
Reply
Patrick Wallek
Honored Contributor

‎08-12-2004 02:36 AM

‎08-12-2004 02:36 AM

Re: Password

Is this system trusted? If so, you should be able to use the getprpw command to see when the password was changed.

Try this:

# /usr/lbin/getprpw -m spwchg userid

I haven't been able to figure how to get who changed it.

Ways a passwd can be changed:
1) The user themselves
2) root
3) someone with restricted SAM access that can do user maintenance
4) someone with appropriae sudo (or some equivalent program) access

0 Kudos
Reply
john kingsley
Honored Contributor

‎08-12-2004 02:39 AM

‎08-12-2004 02:39 AM

Re: Password

If you have password aging enabled,
passwd -s -a
Will give you the date that the password was last changed.
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎08-12-2004 03:15 AM

‎08-12-2004 03:15 AM

Re: Password

IF there is not default (system) way options do then, we can go for scripting as,

Make a script as,

mv /usr/bin/passwd to /usr/bin/passwdorg

And gets the passwd command arguments and call the /usr/bin/passwdorg (original command) in it.

Here include your debug statments of date,userasked informations of full command line arguments to a logfile (/var/adm/syslog/passwdlog ).

Move this script to /usr/bin/passwd location so that all passwd actions will be logged.

HTH.

Regards
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Peter Young_4
Advisor

‎08-12-2004 03:20 AM

‎08-12-2004 03:20 AM

Re: Password

Anil got there first. Thanks for all your help chaps.

Pete
0 Kudos
Reply
Sundar_7
Honored Contributor

‎08-12-2004 03:28 AM

‎08-12-2004 03:28 AM

Re: Password

on a 11i (atleast in my machine :-)) trusted system, if the user password is changed by root, the next time the user logs in, a message similar to the one is displayed

login: swamins1
Your password was changed by root
Password:

If the password was changed by the user itself, the user will not see any message.

u_pwchanger is the field in the TCB file that contains the username of the user that changed the password.


u_pwchanger This field records the user id of the last person to
change the account password if that user was not the
same the account's user. This is used to warn the user
at login time if the account password has been changed
possibly without the knowledge of the user.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.