HPE Community
Operating System - HP-UX
1848364 Members
7400 Online
104024 Solutions
New Discussion

User Password

 
Jacqueline Nguyen
Occasional Advisor

‎03-28-2002 08:51 AM

‎03-28-2002 08:51 AM

User Password

I run the following command to check the user password expiration date but no success. Can anyone give me hints on how to set up the date while changing the password of any user. Thanks in advance.
#logins -x -l jackien
jackien 375 cmsi 201 Jackie Nguyen
/disk1/ACCT
/bin/sh
PS 000000 -1 -1 -1

The last line shown no date, no time change and no expiration days.
Please advise. Thanks.



0 Kudos
Reply
14 REPLIES 14
MARTINACHE
Respected Contributor

‎03-28-2002 08:56 AM

‎03-28-2002 08:56 AM

Re: User Password

Hi,

try getprpw comnnand :

getprpw -l your_user

regards,

Patrice
Patrice MARTINACHE
0 Kudos
Reply
MARTINACHE
Respected Contributor

‎03-28-2002 08:58 AM

‎03-28-2002 08:58 AM

Re: User Password

getprpw is under /usr/lbin/
Patrice MARTINACHE
0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎03-28-2002 09:00 AM

‎03-28-2002 09:00 AM

Re: User Password

getprpw only works on a trusted system
Enjoy, Have FUN! H.Merijn
0 Kudos
Reply
Jacqueline Nguyen
Occasional Advisor

‎03-28-2002 09:11 AM

‎03-28-2002 09:11 AM

Re: User Password

Patrice,
Thanks for the quick response.
I have K360 box and run under 10.20 version. I access the command 'getptpw -l jackien' and the systems gives me an error 'sh: getprpw : not found'.
I look up under /usr/lbin and found the command. Then I type 'man getprpw' with no success (No manual entry for getprpw).
What's else should I do. Thanks.
0 Kudos
Reply
Kelli Ward
Trusted Contributor

‎03-28-2002 10:33 AM

‎03-28-2002 10:33 AM

Re: User Password

I should know this, but can't think of a command off the top of my head.
But, looking at the encrypted password in the /etc/passwd file (non-trusted) will tell you password expiration. man passwd for detail on decoding. Assuming password aging is enabled on your system. (You'll see what I mean when you read the passwd man page if this is unfamiliar.)
Best O' luck
Kel
The more I learn, the more I realize how much more I have to learn. Isn't it GREAT!
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-28-2002 11:16 AM

‎03-28-2002 11:16 AM

Re: User Password

Hi Jackie,

I'm not sure this is exactly what you want...

A superuser can use the passwd command to specify the minimum number of days between password changes (-n min) and the maximum number of days a password can remain unchanged (-x max). For example:
passwd -n 7 -x 56 jackien

That sets the minumum days for a password to 7 and the maximum to 56.

That can also be done thru SAM when you set up a new user or you can modify an existing user.

From your example it looks like these settings are not applied to jackien's account. Do this:
awk -F: '/jackien/ {print $2}' /etc/passwd

The first 13 characters you get from this awk command are the hashed password. The following 5 characters (the first being a comma) are the password aging parameters. If missing, then password aging isn't set.

Try the above passwd command to set the desired password aging parameters and then check the output of your logins command.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Jacqueline Nguyen
Occasional Advisor

‎03-28-2002 11:39 AM

‎03-28-2002 11:39 AM

Re: User Password

Kelli, Thanks for the info.
Darrell, I ran those commands and all my user password aging never been set. Based on the man entry 'passwd(1)', I can change the aging date,etc. However, I have 500 users on the system, is there anyway that I modify passwd aging to all at once instead of each individual.

Any help is appreciated. Thanks a lot. Jackie
0 Kudos
Reply
Giri Sekar.
Trusted Contributor

‎03-28-2002 11:49 AM

‎03-28-2002 11:49 AM

Re: User Password

Hi:

Please check if you are running NIS. If so then you have to mention a repository to the passwd -x option. Are you in NIS environment?

Thanks
Giri Sekar.
"USL" Unix as Second Language
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-28-2002 12:03 PM

‎03-28-2002 12:03 PM

Re: User Password

How about this if it's okay to set them all to the same min and max days...

Get a list of loginids:
awk -F: '{print $1}' /etc/passwd >/tmp/loginids

Edit /tmp/loginids and delete the ones you don't want to set aging for (ie root, sys, etc...)

Set them all:
while read id
do
passwd -n 7 -x 56 $id
done
That's it. Change the number of days to suit.

Just in case there's a problem, make a backup copy of /etc/passwd first and be sure you are logged in as root on a couple of sessions. You can run pwck afterwards (probably a good idea to run it first as well). You should also be sure you can login from a new session before logging out of all the other root sessions.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-28-2002 12:08 PM

‎03-28-2002 12:08 PM

Re: User Password

Giri's comment prompts me to say that my suggestion is for local password files only. NIS would be a different thing. Also, modifying /etc/passwd doesn't apply if you have converted to a trusted system.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Sandip Ghosh
Honored Contributor

‎03-28-2002 12:17 PM

‎03-28-2002 12:17 PM

Re: User Password

First you do one by the passwd -x command. Then go to the /etc/passwd file. If you look at the encrypted passwd portion , you will see the passwd what you have changed through -x has something after ",". Copy the total thing including "," after each encrypted passwd through vi. It should work.

Sandip
Good Luck!!!
0 Kudos
Reply
Jacqueline Nguyen
Occasional Advisor

‎03-28-2002 12:32 PM

‎03-28-2002 12:32 PM

Re: User Password

Thank you for pouring me a lot of info. I am fairly new in the System Admin role and I don't want to make any mistake. What's is NIS environment and what is trusted system and untrusted system. How can I check what my system runs under which environment.

Thanks a lot for all your help.
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-28-2002 01:34 PM

‎03-28-2002 01:34 PM

Re: User Password

Hi again,

HPUX's concept called "trusted system" is simply a higher level of system security. It utilizes a Trusted Computing Base (tcb) database. Of primary concern is moving the hashed passwords out of /etc/passwd an into files in the tcb.

"/usr/lbin/getprdef" will tell you if your system is trusted or not. Two other indications of running a trusted system are:
1 - the presence of /tcb directory structure
2 - the password field of all entries in /etc/passwd have 1 character (an "*")

NIS is Network Information Service. It is primarily used in larger environments where syncronizing user accounts, passwords, even hosts tables on dozens or even hundreds of systems is desired. You have one server with 500 accounts. Imagine 100 servers with 500 accounts.

To see if you are using NIS do:
grep NIS /etc/rc.config.d/namesvrs

As usual for variables in /etc/rc.config.d files, 0 = no and 1 = yes

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Jacqueline Nguyen
Occasional Advisor

‎03-28-2002 03:05 PM

‎03-28-2002 03:05 PM

Re: User Password

Darell,
Based on your instructions, I checked my system and it is not trusted. It is not running under NIS also. I am happy that I have learned new things today.

Hi everyone,
Thank you for all your help. I will continue to experiment the passwd aging process this week end.
Best regards,
Jackie
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.