- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Forcing password change
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2019 08:53 AM
тАО04-16-2019 08:53 AM
Forcing password change
Hi,
We have recently been told to increase the number of characters in our passwords to 14. This we can easily do by amending the MIN_PASSWORD_LENGTH value in /etc/default/security.
However this doesnt enforce the change until the user manually changes their password having logged in with the previous 8 character password..
Is there a setting that will enforce ALL users to change their password accordingly on their next login? I know this can be done for individual users via passwd -f "username" but is there a way of setting it for all?
Release is HPUX 11.31.
Many thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2019 05:48 PM - edited тАО04-16-2019 05:52 PM
тАО04-16-2019 05:48 PM - edited тАО04-16-2019 05:52 PM
Re: Forcing password change
Yes there is a single command and option to expire every entry in /etc/passwd.
HOWEVER, this is *every* entry in the passwd file including subsystems like SAMBA shares, webadmin, www, sfmdb, tftp, oracle, sybase, etc. Now may of these entries may not actually login but serve as an owner for files, etc. Automated logins for file transfers and other remote access will break. So if you force every entry in the passwd file to require a mandatory passwd change, a lot of unexpected things will happen.
So the command is: /usr/lbin/modprpw -E <<<--- DON'T USE IT
Instead, use /usr/lbin/modprpw -e user-name
Then specify a specific user to expire. Then repeat with the other users on the system.
If you have a lot of users, you'll need to do a lot of typing or use a script.
And if the auditors demand every password must change, be sure to schedule downtime to solve system issues.
This will be required because no one remembers the password for certain automated accounts.
Finally: the man page is very poor in documenting the effectiveness of the MIN_PASSWORD_LENGTH setting. It works for Trusted systems but there are other security services besides Trusted. Try the MIN_PASSWORD_LENGTH for a test user to see if it works.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2019 11:33 PM
тАО04-16-2019 11:33 PM
Re: Forcing password change
Hello,
Bill's suggestion looks apt for your environment.
Else you may try to convert system to trusted and change the required parameters.
Manikandan
I work for HPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2019 05:09 AM
тАО04-17-2019 05:09 AM
Re: Forcing password change
Hi,
The server concerned is trusted anyway.
I have run the following on the server as root:
passwd -f user-id
and also
/usr/lbin/modprpw -e user-id
Neither of them seem to work - the user-id concerned does not get asked to change the password on the next login!
(The only thing I can think of is the passwd and/or modprpw isnt taking effect because the root account that is using them has been gained by sudo from the actual user-id concerned)