
Re: user account admin!

 
leereg_6
Advisor

user account admin!

I want to append a limitation to my existing users. For example: If the user account ACOUNTA has not been used for 30 days, lock it!
How can this be done?


Thanks in advance!
4 REPLIES
Patrick Chim
Trusted Contributor

Re: user account admin!

Hi,

I think you can use /usr/lbin/modprpw or you can see the man pages as it contains lots of options !! :)

Regards,
Patrick
Patrick Chim
Trusted Contributor

Re: user account admin!

Hi again,

One more thing I forgot to tell you: this command is only available on a trusted system.

For a non-trusted system, you can man passwd for details. For your requirement, you should set the password lifetime.

*** quoted from the man page ***
A password dies after a time period known as the password lifetime. After the lifetime passes, the account is locked until it is re-enabled by a system administrator. Once unlocked, the user is forced to change the password before account use.
***

Regards,
Patrick
Michael Tully
Honored Contributor

Re: user account admin!

First you must convert to a trusted system.
Once that is done you can set up a policy (sam can be used for this) so that accounts which are not used for a certain time can be locked.
Be aware that changing your system to 'trusted' will force all passwords to be changed.

There is an alternative, and that is to create a script which utilises the 'wtmp' file and uses 'passwd -l accountname'.
Anyone for a Mutiny ?
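A sketch of the script alternative mentioned in the reply above, as an added example that is not code from the thread. It assumes you have already reduced wtmp to "user YYYY-MM-DD" last-login lines (that report format, the exempt list and the function names are assumptions), and it only prints the 'passwd -l' commands so they can be reviewed before anything is locked.

```shell
#!/bin/sh
# Added example (dry run): choose accounts to lock after 30 idle days.
# Assumed input on stdin: "user YYYY-MM-DD" last-login lines that you have
# derived from wtmp; the sample data below is constructed.
MAX_IDLE_DAYS=30
EXEMPT="root daemon bin sys adm"    # assumed list of accounts never to lock

# Days since 1970-01-01 for a Gregorian date, using integer arithmetic only,
# so it does not depend on any date(1) extensions.
days_from_civil() {
    y=$1; m=${2#0}; d=${3#0}
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Usage: stale_lock_commands YYYY-MM-DD < report
# Prints one "passwd -l user" line per account idle MAX_IDLE_DAYS or longer.
stale_lock_commands() {
    ref=$1; oldifs=$IFS
    IFS=-; set -- $ref; IFS=$oldifs
    today=$(days_from_civil "$1" "$2" "$3")
    while read -r user seen; do
        [ -n "$user" ] || continue
        case " $EXEMPT " in *" $user "*) continue ;; esac
        case $seen in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo "skipped $user: no login date, review by hand" >&2
               continue ;;
        esac
        IFS=-; set -- $seen; IFS=$oldifs
        idle=$(( today - $(days_from_civil "$1" "$2" "$3") ))
        if [ "$idle" -ge "$MAX_IDLE_DAYS" ]; then echo "passwd -l $user"; fi
    done
}

# Constructed sample report, evaluated as of 2024-03-31.
sample_report() {
    printf '%s\n' 'alice 2024-03-20' 'bob 2024-02-10' 'carol 2024-03-01' \
                  'root 2023-01-01' 'erin never'
}

sample_report | stale_lock_commands 2024-03-31
```

Accounts with no recorded login are reported on stderr instead of being locked, since a missing wtmp entry can mean either a never-used account or a rotated log.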
Yogeeraj_1
Honored Contributor

Re: user account admin!

hi,
this is possible on trusted systems.

see below a quote from man passwd
============================================================

...
SECURITY FEATURES
This section applies only to trusted systems. It describes additional
capabilities and restrictions.

When passwd is invoked on a trusted system, the existing password is
requested (if one is present). This initiates the password
solicitation dialog which depends upon the type of password generation
(format policy) that has been enabled on the account doing the passwd
command. There are four possible options for password generation:

Random syllables     A pronounceable password made up of
                     meaningless syllables.

Random characters    An unpronounceable password made up of
                     random characters from the character
                     set.

Random letters       An unpronounceable password made up of
                     random letters from the alphabet.

User-supplied        A user-supplied password, subject to
                     length and triviality restrictions.

Passwords can be greater than eight characters, but it is recommended
that they be less than 40 characters. System warnings are displayed
if passwords lengths are either too long or short. The system
administrator can specify a maximum password length guideline for the
system generated options (random syllables, random characters, and
random letters). The actual maximum password length depends upon
several parameters in the authentication database and in the
algorithm.

The system requires a minimum time to elapse before a password can be
changed. This prevents reuse of an old password within an undesirable
period of time.

A password expires after a period of time known as the expiration
time. System warnings are displayed as expiration time approaches.

A password dies after a time period known as the password lifetime.
After the lifetime passes, the account is locked until it is re-
enabled by a system administrator. Once unlocked, the user is forced
to change the password before account use.

The system administrator can enable accounts without passwords. If a
user account is allowed to function without a password, the user can
choose a null password by typing a carriage-return when prompted for a
new password.

The system administrator can enable the password history feature to
discourage users from reusing previously used passwords. Refer to the
security(4) manual page for detailed information on configurable
parameters that affect the behavior of this command. The parameter
for password history is:

PASSWORD_HISTORY_DEPTH


Regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)