
User Password

I would like to know whether there is a way to make sure that a user can't change the password. We have a general user ID that a group of users share. Recently, when one user logged in, it prompted that it was time to change the password, so the user went ahead and changed the password, but never bothered to let the other users know about the password change. So we are trying to find a way to avoid this happening again.
Rodney Hills
Honored Contributor

Re: User Password

You could change the permissions on /usr/bin/passwd so that only root can execute it.

chmod 700 /usr/bin/passwd

Then nobody can execute it.

-- Rod Hills
There be dragons...
S.K. Chan
Honored Contributor

Re: User Password

Typically in that scenario you would not want to age the password. If you age it, when it expires the user will be prompted to change the password. This "shared" account (I would call it) can be handled separately. For example, the password will only be changed once every 6 months by a system administrator and get communicated to everyone. Another way is to restrict the "passwd" command or write a wrapper script around the "passwd" command to allow only certain users to execute it.
harry d brown jr
Honored Contributor

Re: User Password


You sure must have auditors that don't have a clue. I wonder if we could hire them?

Why not just remove the password and set it so that it never expires?


live free or die
harry
Live Free or Die
MANOJ SRIVASTAVA
Honored Contributor

Re: User Password

It depends on the environment.

Changing the permission is good; however, if you want, you can leave the onus on the user to change the same. In case there is a mess-up you can always log in as a superuser and modify it. That is how we handle it in our env.



Manoj Srivastava
Jeff Schussele
Honored Contributor

Re: User Password

Hi Raghuram,

One thing you can do is turn off PW aging for that account:

sam -> users -> (highlight account) -> Actions -> Modify Security Policies -> Password Aging Policies -> set Password Aging = Disabled

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Tom Maloy
Respected Contributor

Re: User Password

If only root can run passwd, that will limit the ability of other users to update their passwords.

Two other possible options:
1) get rid of the group login - bad from a security point of view, anyway.
2) control this with a process. Set the password to expire every 45 days or so. Then designate ONE person who will change the password on the first business day of each month, and who will notify the other folks of the change.

Personally, I'd get rid of the group login if possible.

Tom
Carpe diem!
Helen French
Honored Contributor

Re: User Password

Check the password aging policy on the system and for that specific UID. You can set it to 'password never expires' or disable the password aging, and it will no longer ask for a password change. This command will disable password aging:

# passwd -n 0 -x 0 username

Here, it will ask for the new password on the next login and will never ask again. Another way is to manually edit the /etc/passwd file and delete the password aging characters from the 'passwd' entry. This will be separated by a comma (,) after the encrypted passwd. You can use vipw for editing the file.
Life is a promise, fulfill it!
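
The aging characters after the comma in the password field, mentioned in the last reply, can be audited before anyone edits the file. This is an added example, not part of the thread: the function names and sample accounts are constructed, and it assumes the traditional System V aging encoding documented in passwd(4).

```shell
#!/bin/sh
# Added example: report legacy password-aging fields in passwd-format data.
# Assumption: after the comma, characters come from the 64-character alphabet
# "./0-9A-Za-z" (values 0-63): 1st = max weeks, 2nd = min weeks,
# remaining characters = week of last change.

# Constructed sample data (not real accounts or hashes).
sample_passwd() {
cat <<'EOF'
root:Xk3FAKEHASH001:0:3::/:/sbin/sh
shared:Yp9FAKEHASH002,4.SX:201:20:group login:/home/shared:/usr/bin/sh
oper:Zq1FAKEHASH003,..:202:20::/home/oper:/usr/bin/sh
batch:Wr7FAKEHASH004:203:20::/home/batch:/usr/bin/sh
EOF
}

# aging_report [FILE] -> one line per account:
#   "user max=N min=N" when an aging field is present, else "user none".
# Reads standard input when no file is given.
aging_report() {
  awk -F: '
    BEGIN { alphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" }
    # Map one aging character to its numeric value (missing character = 0).
    function val(c) { return (c == "") ? 0 : index(alphabet, c) - 1 }
    /^[^#]/ && NF >= 7 {
      comma = index($2, ",")
      if (comma == 0) { print $1, "none"; next }
      age = substr($2, comma + 1)
      printf "%s max=%d min=%d\n", $1, val(substr(age, 1, 1)), val(substr(age, 2, 1))
    }' "$@"
}

# aged_accounts [FILE] -> names of accounts that still carry an aging field.
aged_accounts() {
  aging_report "$@" | awk '$2 != "none" { print $1 }'
}

# Demo on the constructed sample.
sample_passwd | aging_report
```

On a live system, point `aging_report` at a copy of /etc/passwd rather than the sample; a shared account that still appears in `aged_accounts` will prompt for a password change again.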