HPE Community
Operating System - Tru64 Unix
1820483 Members
2402 Online
109624 Solutions
New Discussion юеВ

root password expired

 
Danesh Qureshi
Regular Advisor

тАО11-13-2005 11:16 PM

тАО11-13-2005 11:16 PM

root password expired

If the root password has expired I am unable to su to root from a non privileged account unless I am at the console of root I can login and change it even after the password expiry date of the root account.

I am aware when one logs into root account the system warns you that the root password will expire on such a date and time. But if I have not changed the root password before it expires then as stated I am unable to su to root from a non privileged account. My question is there another way to notify the administatrator that the root password is about to expire without logging into root all the time to find out when the root password is expiring. I have been lookingin the man pages on passwd but no joy.

If anyone has any ideas or suggestions or has come across a similar scenario and got round the problem of root expiring I would really appreciate it.
0 Kudos
7 REPLIES 7
Ivan Ferreira
Honored Contributor

тАО11-13-2005 11:23 PM

тАО11-13-2005 11:23 PM

Re: root password expired

I think that you will need a script, maybe a perl script, because the information you need is in seconds since the epoch.

With edauth -g root you get the information of the last change (u_succhg). You can then calculate when the next change should be.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Venkatesh BL
Honored Contributor

тАО11-13-2005 11:55 PM

тАО11-13-2005 11:55 PM

Re: root password expired

refer to 'man prpasswd', you will find other useful fields as well (like u_exp, u_life etc)
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО11-14-2005 01:02 AM

тАО11-14-2005 01:02 AM

Re: root password expired

Danesh,

Here's a script I wrote in Korn shell that may help you. It works with Enhanced Security enabled, I never tried it with Base. It has to run as root so proceed at your own risk.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Danesh Qureshi
Regular Advisor

тАО11-14-2005 02:02 AM

тАО11-14-2005 02:02 AM

Re: root password expired

Hi Vic,

Firstly, thank you for your example script which I have been looking at.

Secondly,I am using ENHANCED security but when I issue the following command for any particular username there is no parameter u_exp nor u_life.

e.g.
/usr/tcb/bin/edauth -g grep u_exp

No information is returned with the above command.
However I do get information back with
/usr/tcb/bin/edauth -g | grep u_succhg.

Can you help me.
Thanks.
Dan..
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО11-14-2005 03:14 AM

тАО11-14-2005 03:14 AM

Re: root password expired

Danesh,

It has been awhile since I've work on this so I may get some of this wrong.

There is a 'default' record that contains default values for accounts. If you don't change any of those values in an account you won't see them when you 'edauth -g '.

To see the default values do this:
edauth -g -dd default

So, the logic is a little more complicated. If you can't find a field in a user's account, then you have to go to the default record.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Ivan Ferreira
Honored Contributor

тАО11-14-2005 04:57 AM

тАО11-14-2005 04:57 AM

Re: root password expired

This command is wrong:

/usr/tcb/bin/edauth -g grep u_exp

This command is right:

/usr/tcb/bin/edauth -g | grep u_succhg

You must use a pipe.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Hein van den Heuvel
Honored Contributor

тАО11-14-2005 01:52 PM

тАО11-14-2005 01:52 PM

Re: root password expired


There is an other recent topic that sounds vaguely similar:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=974620

In there Ivan suggest: usermod -x passwd_lifetime=0 root
Is that of use here?


Just guessing...
Hein.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.