HPE Community
Operating System - HP-UX
1837341 Members
3314 Online
110116 Solutions
New Discussion

set expiring the password in exactly 90 days.

 
SOLVED
Go to solution
Hanry Zhou
Super Advisor

‎11-05-2003 07:43 AM

‎11-05-2003 07:43 AM

set expiring the password in exactly 90 days.

Is there anyway I do that?

By default, it will automatically set to the number of weeks nearing days you specified, in this case it is 12 weeks (84days), not 90 days.
Thanks,
none
0 Kudos
Reply
10 REPLIES 10
Dave La Mar
Honored Contributor

‎11-05-2003 07:54 AM

‎11-05-2003 07:54 AM

Re: set expiring the password in exactly 90 days.

From the archives-
/sbin/passwd -f -x 42 -n 35 $user
-f is force at next login
-x is max days before have to change
-n is max days between changes
Best of luck.
Regards,
dl
"I'm not dumb. I just have a command of thoroughly useless information."
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-05-2003 07:54 AM

‎11-05-2003 07:54 AM

Re: set expiring the password in exactly 90 days.

MINDAYS=7
MAXDAYS=90

# set up read loop for mass change awk

# passwd -r file -n $MINDAYS -x $MAXDAYS $user

# end of theoretical read look

I do think however it will round up to the nearest week which is 91 days.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Chris Watkins_1
Respected Contributor

‎11-05-2003 07:57 AM

‎11-05-2003 07:57 AM

Re: set expiring the password in exactly 90 days.

I believe you're stuck with the "rounded to the nearest week" option.
I see the same behaviour on trusted and non-trusted boxen alike.

Someone else may come along and prove me entirely wrong, of course.
Not without 2 backups and an Ignite image!
0 Kudos
Reply
Hanry Zhou
Super Advisor

‎11-05-2003 07:57 AM

‎11-05-2003 07:57 AM

Re: set expiring the password in exactly 90 days.

Steve, Yes, it will set to 91 days, but I want it to be exactly 90days, not 91 or 84 days?
none
0 Kudos
Reply
Dave La Mar
Honored Contributor

‎11-05-2003 08:11 AM

‎11-05-2003 08:11 AM

Re: set expiring the password in exactly 90 days.

The archive entries note that rounding to nearest week will happen even though I do not see so in a man of passwd which states "days".
Time to look at some C code.

Regards,
dl
"I'm not dumb. I just have a command of thoroughly useless information."
0 Kudos
Reply
Dave La Mar
Honored Contributor

‎11-05-2003 08:14 AM

‎11-05-2003 08:14 AM

Re: set expiring the password in exactly 90 days.

Found this in an old archive -
The min and max arguments are each represented in units of days.
These arguments will be rounded up to the nearest week on a non-
trusted HP-UX system. If your system is then converted to a trusted
system, the number of days will be based on those weeks. If you only
supply one of the two arguments, passwd checks to see if the other one
already exists. If it does not exist, then it defaults it to zero for
you.

dl
"I'm not dumb. I just have a command of thoroughly useless information."
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-05-2003 10:17 AM

‎11-05-2003 10:17 AM

Solution

Re: set expiring the password in exactly 90 days.

This has to do with how the data is actually encoded in the passwd file. One character is used to represent a base-64 digit. Using this encoding scheme the developers faced a choice of 0-63 days or 0-63 weeks or perhaps 0-64 months. They choose weeks as a reasonable compromise given the limited encoding space --- which they themselves had chosen.
If it ain't broke, I can fix that.
Reply
Chris Watkins_1
Respected Contributor

‎11-05-2003 10:32 AM

‎11-05-2003 10:32 AM

Re: set expiring the password in exactly 90 days.

You could obviously work around the problem by a bit of scripting.

Have it run every 90 days, and do "passwd -f" against each user
you wanted to force to change their password. Wouldn't be hard.
Not without 2 backups and an Ignite image!
0 Kudos
Reply
Hemanth Gurunath Basrur
Honored Contributor

‎11-05-2003 02:10 PM

‎11-05-2003 02:10 PM

Re: set expiring the password in exactly 90 days.

Hello Hanry,

Did you try if you can set 90 days using SAM?

Check this link for info.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5187-2216/5187-2216_top.html&con=/hpux/onlinedocs/5187-2216/00/00/73-con.html&toc=/hpux/onlinedocs/5187-2216/00/00/73-toc.html&searchterms=days&queryid=20031105-200554

Regards,
Hemanth
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎11-06-2003 05:29 AM

‎11-06-2003 05:29 AM

Re: set expiring the password in exactly 90 days.

Clay is right. The internal encoding limits the granularity. In standard mode that's weeks. In trusted mode the values are essentially in time_t format, which allows times to be expressed in seconds.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.