Operating System - HP-UX

what's considered as "user activity"?

 
Carlos Maldonado
New Member

what's considered as "user activity"?

When assigning accounts /bin/false, how can I make the OS aware of user activity such as imap4 or pop3 through PAM, so that accounts don't expire when the password aging time is overdue?

Thanks in advance.

OS version is B11.11
Truth Addict
Steven E. Protter
Exalted Contributor

Re: what's considered as "user activity"?

You can use sam and disable account aging on the accounts. This works for any user.

This would deal with your pop3 and imap users.

This is how I accomplish the goal on my Linux and HP-UX servers. I've gotten no complaints to date.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: what's considered as "user activity"?

Ooops!

I don't use sam on Linux. I use the GUI user manager.

Looking a little red faced.

SEP
Michael Schulte zur Sur
Honored Contributor

Re: what's considered as "user activity"?

Hi,

Can't you disable password ageing for those users? How many passwords do you have to use until you can reuse one? Is there a minimum time to wait before changing a password? Please explain why user activity should defer password ageing.

greetings,

Michael
Bill Hassell
Honored Contributor
Solution

Re: what's considered as "user activity"?

IMAP and POP users are not 'normal' users at all. They do not log in but instead connect through a socket program which performs validation. The OS is never 'aware' of any users. Programs such as login are used as a frontend to telnet and modem connections to validate and then connect a shell to the user's port. Since the users cannot log in (shell = /usr/bin/false), those user entries in /etc/passwd should have password aging turned off.

Of course, that is not a secure situation and for email users, the only solution would be to create your own password expiration tool and then use email to notify the user to use a new password.


Bill Hassell, sysadmin
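
The following is an added example, not code from the thread or from HP: one way a site-written expiration check for accounts with a /bin/false or /usr/bin/false shell, as suggested in the answer above, could work. The ledger of last-change dates, the 90/14-day policy, the example.com domain and all sample accounts are assumptions constructed for illustration.

```python
from datetime import date
from email.message import EmailMessage

NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false"}   # shells named in the thread
MAX_AGE_DAYS, WARN_DAYS = 90, 14                     # assumed policy values

# Constructed sample data. The ledger ("user:YYYY-MM-DD" of last change) is a
# hypothetical file that the site's own password-change tool would maintain.
PASSWD = """\
root:*:0:3::/:/sbin/sh
alice:*:201:20:Alice:/home/alice:/usr/bin/false
bob:*:202:20:Bob:/home/bob:/bin/false
carol:*:203:20:Carol:/home/carol:/bin/false
dave:*:204:20:Dave:/home/dave:/usr/bin/false
"""
LEDGER = """\
alice:2024-05-20
bob:2024-03-10
carol:2024-01-02
"""

def mail_only_users(passwd_text):
    """Login names whose shell (7th passwd field) is a no-login shell."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return [f[0] for f in rows if len(f) == 7 and f[6] in NOLOGIN_SHELLS]

def classify(passwd_text, ledger_text, today):
    """Map each mail-only user to (status, days_left)."""
    changed = dict(l.split(":", 1) for l in ledger_text.splitlines() if l.strip())
    report = {}
    for user in mail_only_users(passwd_text):
        if user not in changed:                  # no record: fail closed
            report[user] = ("expired", None)
            continue
        left = MAX_AGE_DAYS - (today - date.fromisoformat(changed[user])).days
        status = "expired" if left < 0 else "warn" if left <= WARN_DAYS else "ok"
        report[user] = (status, left)
    return report

def notices(report, domain="example.com"):   # builds messages, does not send
    out = []
    for user, (status, left) in report.items():
        if status != "ok":
            msg = EmailMessage()
            msg["To"] = f"{user}@{domain}"
            msg["Subject"] = f"Mail password {status}"
            msg.set_content(f"Status: {status} (days left: {left}). Please set a new password.")
            out.append(msg)
    return out
```

Accounts with no ledger entry are reported as expired rather than skipped, so a missing record cannot silently exempt an account from the policy.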
Carlos Maldonado
New Member

Re: what's considered as "user activity"?

As for why user activity should defer password aging... I think it's more like user activity should defer user "deactivating".

I think user aging should be disabled then, because only certain users (Admin and Power Users) have access to a shell.

Therefore another issue comes up: I just put this server in production state and now I can see that a shell appears to be a requisite for logging into the sftp service. On Linux I had a kernel patch to work around this, but on HP-UX I'm clueless.

Is it always necessary to have a valid shell for allowing sftp sessions? If so, can I use a restricted shell? (I haven't tried it; I know I should test before asking.)

Regards and thanks for your answers :)
Truth Addict