Operating System - HP-UX
1839158 Members
4526 Online
110136 Solutions
New Discussion

query trusted systems password database

 
Franz P
Advisor

query trusted systems password database

I am just writing a few monitoring scripts about password aging, locked users etc.

Can I query the the trusted systems database to get the values from the default file? I can write a parser, which scans the /tcb/files/auth/system/default file, but if there is a "queryprpw" I would prefere to use this... I havent found a hint in getprpw(1) or prpwd(4) manpages.

Any hint is very apprechiated, thanks in advance
2 REPLIES 2
Tim Nelson
Honored Contributor

Re: query trusted systems password database

getprpw -m pick_a_setting username

Create a script to look through their accout status and settings. a -1 means default, a 0 (zero) typicall means disabled, unless the default is to disable.

uid=1000, bootpw=NO, audid=12, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Mon Dec 31 08:16:46 2007, upwchg=Mon Dec 31 08:16:29 2007,
og=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Tue Jan 22 09:01:05 200
Jan 4 08:13:28 2008, sloginy=pts/tb, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

Lockout codes by bit
1 past password lifetime
2 past last login time
3 past absolute account lifetime
4 exceeding unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is an * the value 0 = condition not present, 1 is present.
Franz P
Advisor

Re: query trusted systems password database

Thanks Tim, I know how to query the user entries but I havent found a method to query the default entries.
In your example the user's expwarn=-1 is default, but what is the default? I know how to get the info: /tcb/files/auth/system/default says u_pw_expire_warning#604800
I'm wondering, if there is a CLI to parse the default entries, eg.

# getprpwdefault -m u_pw_expire_warning
u_pw_expire_warning=604800

as I wrote in my first post: I know how to write a parser for this file, but I prefere to use an already invented tool/CLI :-)