HPE Community
Operating System - HP-UX
1833767 Members
2366 Online
110063 Solutions
New Discussion

Set password aging options on NIS password

 
SOLVED
Go to solution
Travis Rebok
Advisor

‎04-17-2002 07:48 AM

‎04-17-2002 07:48 AM

Set password aging options on NIS password

I am Running NIS on HP 11.0. I created a script to generate new encrypted passwords for users in a specific user group. Then I update the /etc/passwd file. However I see the following format in the /etc/passwd file for some users:

user:password,MmNN:uid:gid:gecos:path:shell
M=max (.=0,/=1,0=2,9=11,A=12,Z=37,a=38,z=63)
m=min
NN=time password was changed last time

I know that the M, m, and NN are used for password aging. I imagine I can just leave the values for M and m alone, but how do I calculate a new value for NN?
When I "man 4 passwd" it says that NN define the week (counted from the beginning of 1970) when the password was last changed. To test this I just changed my password today and the values for NN are "IO". How does "IO" or the digit values "I"=20 and "O"=26 correlate to what the man page is saying. How can I generate these values when I run my process to manually generate encrypted passwords?
Thanks.

0 Kudos
Reply
7 REPLIES 7
A. Clay Stephenson
Acclaimed Contributor

‎04-17-2002 08:22 AM

‎04-17-2002 08:22 AM

Solution

Re: Set password aging options on NIS password

The current week is encoded as a base-64 2-digit number drawn the from the character set ./0123456789A-Za-z. The most significant digit appears last.

Lets suppose that the cuurent week is 64 weeks since the beginning of time (Jan 1, 1970).
That would be encoded as 1 x 64^^1 + 4 x 64^^0 or "2/" from the above character set in REVERSE order. 2 ==> 4 and / ==> 1.

Fortunately, I already had a small perl script to do this. It simply takes the current date and outputs the encoded value to stdout.

Use it like this:

PWAGE=$(pwage.pl)
echo "PWAGE (Current Date) = \"${PWAGE}\""


If it ain't broke, I can fix that.
Reply
S.K. Chan
Honored Contributor

‎04-17-2002 08:34 AM

‎04-17-2002 08:34 AM

Re: Set password aging options on NIS password

Just FYI ..

If you made a password change on 3/5/02 (tue), the information you got if you run ..

# logins -x -l

will show it's changed on 2/28/02 (thur) instead, because of the starting time on 1/1/70 (which is thur) the last password change will be on Thursday before the actual modification day.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎04-17-2002 11:02 AM

‎04-17-2002 11:02 AM

Re: Set password aging options on NIS password

Oops.... I meant 68 rather than 64 weeks in my above example.


Lets suppose that the cuurent week is 68 weeks
(14 base-64) since the beginning of time (Jan 1, 1970).
That would be encoded as 1 x 64^^1 + 4 x 64^^0 or "2/" from the above character set in REVERSE order. 2 ==> 4 and / ==> 1.

This is a slighty cleaner version of the Perl script as well although the above example works just fine.

If it ain't broke, I can fix that.
Reply
Travis Rebok
Advisor

‎04-17-2002 12:08 PM

‎04-17-2002 12:08 PM

Re: Set password aging options on NIS password

Yeah I was alittle confused by your first example. Thanks for the clarification.
I can convert the perl to java to my use. However if
my $curr_wk = time() / SECONDS_PER_DAY / DAYS_PER_WK; gives the week number(since 1/1/1970), do you know a comparable function to Perl's time() in unix shell or java since I cannot use Perl for my app?
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎04-17-2002 12:18 PM

‎04-17-2002 12:18 PM

Re: Set password aging options on NIS password

Dte has a 'UTC' method which returns the number of milliseconds since Jan 1, 1970 UTC. Divide that value by 1000 and there you are.

If it ain't broke, I can fix that.
Reply
Travis Rebok
Advisor

‎04-18-2002 07:38 AM

‎04-18-2002 07:38 AM

Re: Set password aging options on NIS password

Perfect. I used Date.getTime()to get millisecs and the logic you provided in your program. Works great and gives me "OJ" for today like expected. Thanks alot for your help!
Travis
0 Kudos
Reply
Travis Rebok
Advisor

‎04-18-2002 07:41 AM

‎04-18-2002 07:41 AM

Re: Set password aging options on NIS password

Oops, forgot to REVERSE them... "JO" just like I expected.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.