HPE Community
Operating System - HP-UX
1834422 Members
1914 Online
110067 Solutions
New Discussion

Trusted Mode password expiration - wrong behavior?

 
FLQ
Valued Contributor

‎06-29-2006 04:52 AM

‎06-29-2006 04:52 AM

Trusted Mode password expiration - wrong behavior?

Hi all,

OS = HP-UX 11.11/11.23

I did a Trusted Mode conversion on a system and encountered the never ending problem with the password expiration for all users.

1 - Using /usr/lbin/tsconvert ended with all users forced to change their password at next login. I caught the problem in time so revert back to Untrusted Mode.

2 - Using SAM I was able to convert the system to Trusted Mode but this time the password were not expired but the aging was "refreshed" to today's date. This is barely acceptable. :-(

My question is:

How can one put the system in Trusted Mode without changing the expiry date of each users to the date when the command was executed?

I mean to keep the actual expiry date for all accounts so when I put the system in Trusted Mode, the account that is setup to expire the day after I run the command will in fact expire the day after and not 60 days later. (passwords are set to expire every 60 days)

All this without having to write a script that will extract the expiry date and then "refresh" all accounts with their proper expiry date.

I hope it is clear enough.

Let me know

0 Kudos
Reply
3 REPLIES 3
Marvin Strong
Honored Contributor

‎06-29-2006 04:56 AM

‎06-29-2006 04:56 AM

Re: Trusted Mode password expiration - wrong behavior?

man modprpw

that command should allow you so do what you want.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-29-2006 05:18 AM

‎06-29-2006 05:18 AM

Re: Trusted Mode password expiration - wrong behavior?

Shalom,

This is something that happened with some of my users on a trusted system at my last job. The bad news for me it was my department head's account.

There were two issues there. The command posted above needed to be running and the default password aging was not set right for the user.

I think the default password aging pollicy for your entire system is wrong in this case.

I'd suggest sam users .. change it globally.

SEP{
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
FLQ
Valued Contributor

‎06-29-2006 05:27 AM

‎06-29-2006 05:27 AM

Re: Trusted Mode password expiration - wrong behavior?

Marvin,

I understand that "modprpw" command will do what I want but, as stated in my first post, I don't want to have to go back and modify each account with the previous expiry date because it means that I have to somehow keep the old expiry dates for each user and re-apply with "modprpw". IMO, it is an unnecessary step and that it should be done automatically by "/usr/lbin/tsconvert".

SEP,

The password aging policy is actually set to 60 days.

Using SAM to do the conversion will execute "/usr/lbin/modprpw -V" and set the expiry date to the date the command ran. This is what I'm trying to avoid.

TIA
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.