HPE Community
Operating System - HP-UX
1834780 Members
2646 Online
110070 Solutions
New Discussion

Reoccurring problem user accounts becoming locked in the commercial database

 
SOLVED
Go to solution
chris pefley
Occasional Advisor

‎01-16-2005 07:04 AM

‎01-16-2005 07:04 AM

Reoccurring problem user accounts becoming locked in the commercial database

Why do our HP visualize workstations class c about every three months seem to lock users in the commercial database. This has been a on going problem for us and we haven't had any luck finding a permanent solution. We run a tcb system with 11.11 on these. Any help would be appreciated.
0 Kudos
Reply
9 REPLIES 9
Robert-Jan Goossens
Honored Contributor

‎01-16-2005 07:30 AM

‎01-16-2005 07:30 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Hi Chris,

Could it be the password lifetime option is been set to 90 days ?

# /usr/lbin/getprpw user | grep lftm

Regards,
Robert-Jan
0 Kudos
Reply
chris pefley
Occasional Advisor

‎01-16-2005 07:33 AM

‎01-16-2005 07:33 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

no i dont think so i checked it in sam it says there set to 60 days
0 Kudos
Reply
chris pefley
Occasional Advisor

‎01-16-2005 07:59 AM

‎01-16-2005 07:59 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

I am trying the command you sent but for some reason its not working. I will check again to make sure that the password exp. is not set to 90 days. If you have any other ideas let me know thanks.

Chris
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎01-16-2005 08:02 AM

‎01-16-2005 08:02 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Chris,

Check this doc.

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000075994740

Regards,
Robert-Jan
0 Kudos
Reply
chris pefley
Occasional Advisor

‎01-16-2005 08:04 AM

‎01-16-2005 08:04 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Will do Robert, btw I missed read your message before we have our lifetime set to 365 days
0 Kudos
Reply
chris pefley
Occasional Advisor

‎01-16-2005 08:17 AM

‎01-16-2005 08:17 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Would killing from another computer a user who locked a CDE cause damage to the TCB database system causing this type of problem?

Chris
0 Kudos
Reply
Darren Prior
Honored Contributor

‎01-16-2005 08:48 PM

‎01-16-2005 08:48 PM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Hi Chris,

It shouldn't corrupt the tcb. Running authck -pv is a good way to check that the tcb and /etc/passwd are synchronised.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-17-2005 02:40 AM

‎01-17-2005 02:40 AM

Solution

Re: Reoccurring problem user accounts becoming locked in the commercial database

There are several places to check for passwords that seem to expire. One is the user's password expiration time. It might not be set at all, and on a Trusted system, there is a default systemwide value for users without any password aging. Also, on a Trusted system, there is an account lifetime without login...it can be shorter or longer than the expiration time. If the user does not have an account lifetime set, then the system's default takes over. To see the systemwide settings:

/usr/lbin/getprdef -m lftm,exptm

The lftm is the maximum lifetime for a password after changing it, and exptm is the number of days until the system asks to change it. Check which type of lockout is happening for these users:

/usr/lbin/getprpw -m lockout SomeUserName

The lockout value is ####### where each position is 0 or 1:


1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *

You can use SAM to change the lifetime for an unchanged login. The reason for having this additional timeout is that even if someone logs in with the correct password, rather than asking the user to change it, the login is locked so the administrator can determine why it has taken so long for the user to actually use the login.


Bill Hassell, sysadmin
Reply
chris pefley
Occasional Advisor

‎01-29-2005 06:16 AM

‎01-29-2005 06:16 AM

Re: Reoccurring problem user accounts becoming locked in the commercial database

Ok I will submit this information and see where that gets us thanks to all of you. If you have any other thoughts please let me know. Thanks Chris
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.