
trusted and getprpw

 
Gord Moore
Frequent Advisor

trusted and getprpw

What does the -l (local) flag do? What is a local user as opposed to a non-local user? I have this output to look at:

[root]> /usr/lbin/getprpw -l mmaiden1
uid=151, bootpw=NO, audid=422, audflg=1, mintm=0, maxpwln=-1, exptm=182, lftm=-1, spwchg=Mon Feb 9 17:00:00 2004, upwchg=Sat Mar 6 18:16:32 2004, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 16 17:37:01 2004, ulogint=Fri Jul 16 17:36:47 2004, sloginy=pts/2, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=1000000

[root] > /usr/lbin/getprpw mmaiden1
uid=151, bootpw=NO, audid=422, audflg=1, mintm=0, maxpwln=-1, exptm=182, lftm=-1, spwchg=Tue Aug 3 18:00:00 2004, upwchg=Sat Mar 6 18:16:32 2004, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 16 17:37:01 2004, ulogint=Fri Jul 16 17:36:47 2004, sloginy=pts/2, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

There seem to be two differences: the spwchg date and the lockout flag. Is this account locked? What programs would think so (looking at the -l version), and which one would not?

We are using NIS+ so the passwords are changed on the master, another server, and this is running on HP-UX 11i.

Thanks.
Dave Olker
Neighborhood Moderator
Solution

Re: trusted and getprpw

Hi Gord,

I believe "local" in this case means to retrieve the information from the local /tcb database files as opposed to the NIS+ trusted table. According to the getprpw man page, some data is kept on the NIS+ master, so it would likely make sense for this data to be different when retrieved from NIS+.

Regards,

Dave


I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Sridhar Bhaskarla
Honored Contributor

Re: trusted and getprpw

Hi,

As the name indicates, the first one displayed the information about the local account. The second one is for NIS+ users. In the first case, as you can see, the spwchg (the last successful password change) was done on the local account on Feb 9th, whereas on NIS+ it was August 3. So according to your security policies, the lifetime has passed for the local account, hence you are seeing lockout as 1000000.

Look at the man page of getprpw. If you don't find it on 11i, then you can see it at docs.hp.com
//
-l Specifies to get information from the local user.

-n Can be specified with or without domain name; i.e., -n [domain].
If -n [domain] is specified, displays data for the NIS+ user.
The domain name must be fully qualified, with a terminating
period. If domain name is not specified, the local domain will
be used.
//

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Sundar_7
Honored Contributor

Re: trusted and getprpw

Gord,

As noted above, -l stands for local and will direct getprpw to work on the local tcb database as opposed to NIS+ tables.

There seem to be two differences: the spwchg date and the lockout flag. Is this account locked? What programs would think so (looking at the -l version), and which one would not?

==> The answer to the question is it depends on how your name service is configured. Look at /etc/nsswitch.conf file.

passwd: nisplus files

If your password entry in nsswitch.conf refers to nisplus, any calls to get the user/password information will be referred to nisplus first before falling back to the local files.

-- Sundar
Learn What to do, How to do and more importantly When to do?
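
Added example (not part of any reply in this thread): a small shell function that splits two getprpw output lines into their fields and prints only the fields that differ between the local /tcb view and the NIS+ view. The sample lines are shortened copies of the output quoted in the question, and the function name prpw_diff is hypothetical.

```shell
#!/bin/sh
# Added example: field-by-field diff of two getprpw output lines.
# Sample lines are constructed by shortening the output quoted in the question.
LOCAL_VIEW='uid=151, bootpw=NO, exptm=182, spwchg=Mon Feb 9 17:00:00 2004, upwchg=Sat Mar 6 18:16:32 2004, alock=NO, lockout=1000000'
NIS_VIEW='uid=151, bootpw=NO, exptm=182, spwchg=Tue Aug 3 18:00:00 2004, upwchg=Sat Mar 6 18:16:32 2004, alock=NO, lockout=0000000'

# prpw_diff LOCAL_LINE NISPLUS_LINE   (hypothetical helper name)
# Prints "field: local=<v1> nisplus=<v2>" for every field whose value differs.
# On a live system the two arguments would be the output of
#   /usr/lbin/getprpw -l USER   and   /usr/lbin/getprpw USER
prpw_diff() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        {
            # Fields are separated by ", "; date values contain spaces but no commas.
            n = split($0, parts, /, */)
            for (i = 1; i <= n; i++) {
                eq = index(parts[i], "=")
                if (eq == 0) continue            # skip anything that is not key=value
                key = substr(parts[i], 1, eq - 1)
                val = substr(parts[i], eq + 1)
                if (NR == 1) { a[key] = val; order[++cnt] = key }   # first line: local view
                else b[key] = val                                   # second line: NIS+ view
            }
        }
        END {
            # Report in the order the fields appeared in the local view.
            for (i = 1; i <= cnt; i++) {
                k = order[i]
                if (!(k in b)) printf "%s: local=%s nisplus=<missing>\n", k, a[k]
                else if (a[k] != b[k]) printf "%s: local=%s nisplus=%s\n", k, a[k], b[k]
            }
            # Fields that exist only in the NIS+ view.
            for (k in b) if (!(k in a)) printf "%s: local=<missing> nisplus=%s\n", k, b[k]
        }'
}

prpw_diff "$LOCAL_VIEW" "$NIS_VIEW"
```

Run against the sample lines, it reports only spwchg and lockout, the two differences noted in the question.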