HPE Community
Operating System - HP-UX
1832617 Members
2628 Online
110043 Solutions
New Discussion

Passwords - non-expiring

 
SOLVED
Go to solution
Jason Antes
Occasional Advisor

‎01-23-2003 12:49 PM

‎01-23-2003 12:49 PM

Passwords - non-expiring

I noticed that when I set the security features in SAM for passwords (setting length, expiration time, etc.) it changes it for all the users. However, when I do a passwd -s -a it doesn't show any of the changes (even after doing a passwd -n 14 -m 180). My question is two-fold:

1) How can I tell if the password aging is working before the 180 days?

2) How can I get certain accouts (like ftp) to not use these rules? I don't want certain passwords to ever expire for certain accounts.

Thanks,
Jason
0 Kudos
Reply
6 REPLIES 6
A. Clay Stephenson
Acclaimed Contributor

‎01-23-2003 12:56 PM

‎01-23-2003 12:56 PM

Re: Passwords - non-expiring

You can run the logins command to check these settings. Man logins for details.

You can set the aging parameters for an individual user using the passwd command. Man passwd for details.
If it ain't broke, I can fix that.
0 Kudos
Reply
RAC_1
Honored Contributor

‎01-23-2003 12:59 PM

‎01-23-2003 12:59 PM

Re: Passwords - non-expiring

to set password aging etc for individual users use password command.

Check logins command to check details for users.

passwd -s user_id for details.
There is no substitute to HARDWORK
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎01-23-2003 01:29 PM

‎01-23-2003 01:29 PM

Re: Passwords - non-expiring

Easy method would be from sam, Select single user, and modify security policy for that perticular user.

-USA..
Good Luck..
0 Kudos
Reply
Jason Antes
Occasional Advisor

‎01-23-2003 01:29 PM

‎01-23-2003 01:29 PM

Re: Passwords - non-expiring

When I do the passwd -s it only shows PS. It doesn't show any other information even after I have done the passwd command to change the login.

It looks like the command is working for setting the aging as when I do a system audit using a 3rd party vendor security scanner it shows the appropriate numbers.
0 Kudos
Reply
avsrini
Trusted Contributor

‎01-23-2003 04:04 PM

‎01-23-2003 04:04 PM

Solution

Re: Passwords - non-expiring

Hi Jason,

You can use

logins -x -l username

to get the details of the Password security details. the last line will show the PS for password set, the next field shows when the password was changed. next fields shows the time between password changes, passwd max time, and passwd min time between changes.

check man logins for more info.

If your system is trusted

you can also check with
/usr/lbin/getprpw username


1. For checking the passwd aging works or not, change the passwd life time for a user to 2 days or so and check after that. You should get a warning message saying that your password is going to expire on (DATE).

2. For disabling the passwd aging for some users, you can use

/usr/lbin/modprpw -m mintm=0 username
/usr/lbin/modprpw -m exptm=0 username
/usr/lbin/modprpw -m lftm=0 username
/usr/lbin/modprpw -m expwarn=0 username

You can write a script to do this

Srini.

Be on top.
Reply
Jason Antes
Occasional Advisor

‎01-30-2003 08:30 AM

‎01-30-2003 08:30 AM

Re: Passwords - non-expiring

Thanks everyone, that helps out a lot. :-)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.