Password expiration


 
# 1  
Old 03-08-2012
Password expiration

Hi Admins,

AIX 5.3

I know the maxage value tells the system about the password expiration policy.
One user's maxage is 5 weeks. But he changed the password long back, in 2008, according to the lastupdate value.

Since maxage is 5, the password should expire every 5 weeks. But how come lastupdate shows the year 2008?

Does any other setting need to be checked? Please provide your expert thoughts.

Regards
newaix
# 2  
Old 03-08-2012
Can you post "lsuser -a user_name" for this user?

What does "maxexpired" in /etc/security/user have to say for this user? If it's -1, the user will not be forced to change the password even after the maxage duration.

Last edited by admin_xor; 03-08-2012 at 05:55 PM..
# 3  
Old 03-09-2012
Hi,

Thanks for the response.

Please check the below settings

Code:
madaoptr:
        id=211
        pgrp=dba
        groups=dba,staff
        home=/home/madaoptr
        shell=/usr/bin/ksh
        login=true
        su=true
        rlogin=true
        daemon=true
        admin=false
        sugroups=dba
        admgroups=
        tpath=nosak
        ttys=ALL
        expires=0
        auth1=SYSTEM
        auth2=NONE
        umask=22
        registry=files
        SYSTEM=compat
        logintimes=
        loginretries=3
        pwdwarntime=7
        account_locked=false
        minage=1
        maxage=8
        maxexpired=5
        minalpha=2
        minother=2
        mindiff=3
        maxrepeats=8
        minlen=8
        histexpire=0
        histsize=15
        pwdchecks=
        dictionlist=/etc/security/password.dict
        fsize=-1
        cpu=-1
        data=-1
        stack=-1
        core=0
        rss=-1
        nofiles=-1
        time_last_login=1280839888
        time_last_unsuccessful_login=1321534343
        tty_last_login=/dev/pts/1
        tty_last_unsuccessful_login=ssh
        host_last_login=10.55.12.60
        host_last_unsuccessful_login=msbdvds02
        unsuccessful_login_count=2
        roles=

Code:
pwdadm -q madaoptr
madaoptr:
        lastupdate = 1209445973 
 
last passwd changed on  Tue Apr 29 08:12:53 2008

Code:
perl -le 'print scalar localtime 1209445973'
Tue Apr 29 08:12:53 2008

Regards
newaix

Last edited by methyl; 03-10-2012 at 10:38 AM.. Reason: tidy code tags
# 4  
Old 03-09-2012
This is really strange!!

Although maxexpired is set to 5 weeks, the user seems to have been using the same password for at least two years. What about other users? Is the password policy not working for them as well, or is it just for this one user?

Can you check running the following commands?
Code:
pwdck -y ALL
usrck -y ALL


Last edited by admin_xor; 03-09-2012 at 06:02 PM..
# 5  
Old 03-10-2012
Thanks for your time. Please find the details below

Code:
 # pwdck -y ALL
3001-402  The user "invscout" has an invalid password field in /etc/passwd.
3001-414  The stanza for "invscout" was not found in /etc/security/passwd.
3001-402  The user "ipsec" has an invalid password field in /etc/passwd.
3001-414  The stanza for "ipsec" was not found in /etc/security/passwd.
3001-402  The user "lp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "lp" was not found in /etc/security/passwd.
3001-402  The user "nuucp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "nuucp" was not found in /etc/security/passwd.
3001-402  The user "snapp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "snapp" was not found in /etc/security/passwd.
3001-402  The user "sshd" has an invalid password field in /etc/passwd.
3001-414  The stanza for "sshd" was not found in /etc/security/passwd.
3001-413  Adding "lp" stanza to /etc/security/passwd.
3001-413  Adding "invscout" stanza to /etc/security/passwd.
3001-413  Adding "snapp" stanza to /etc/security/passwd.
3001-413  Adding "ipsec" stanza to /etc/security/passwd.
3001-413  Adding "nuucp" stanza to /etc/security/passwd.
3001-413  Adding "sshd" stanza to /etc/security/passwd.
 #
 #
 # usrck -y ALL
3001-603 The UID 0 is duplicated for user root.
3001-603 The UID 0 is duplicated for user eadmaix.
3001-661 There have been too many invalid login attempts by user daemon.
3001-661 There have been too many invalid login attempts by user bin.
3001-661 There have been too many invalid login attempts by user sys.
3001-661 There have been too many invalid login attempts by user adm.
3001-662 User uucp is locked.
3001-661 There have been too many invalid login attempts by user nobody.
3001-662 User snapp is locked.
3001-662 User ipsec is locked.
3001-662 User nuucp is locked.
3001-662 User ora9i is locked.
 #


Last edited by Scott; 03-10-2012 at 04:37 PM.. Reason: Code tags
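
Added example (not part of any post in this thread): the aging arithmetic behind maxage, maxexpired and lastupdate, run over the values posted in #3. It assumes, per the AIX documentation for /etc/security/user, that both attributes are counted in weeks, that maxage=0 disables aging and that maxexpired=-1 sets no limit; the function names are made up for illustration.

```shell
#!/bin/sh
# Values copied from the lsuser / pwdadm output in post #3 of the thread.
SAMPLE='madaoptr:
        maxage=8
        maxexpired=5
        time_last_login=1280839888
        lastupdate = 1209445973'

WEEK=604800   # seconds in one week

# attr NAME: read stanza text on stdin, print the value of NAME.
# Accepts both "name=value" (lsuser) and "name = value" (pwdadm) lines.
attr() {
    awk -F'=' -v k="$1" '{ gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
                         $1 == k { print $2; exit }'
}

# expiry_epoch LASTUPDATE MAXAGE: epoch at which the password ages out.
# Prints 0 when maxage is 0 (aging disabled).
expiry_epoch() {
    if [ "$2" -le 0 ]; then echo 0; else echo $(( $1 + $2 * $WEEK )); fi
}

# password_state LASTUPDATE MAXAGE MAXEXPIRED NOW: classify the password at NOW.
password_state() {
    exp=$(expiry_epoch "$1" "$2")
    if [ "$exp" -eq 0 ]; then echo "no-aging"; return; fi
    if [ "$4" -lt "$exp" ]; then echo "valid"; return; fi
    # Past maxage: the user may still change it until maxexpired weeks later.
    if [ "$3" -lt 0 ]; then echo "expired-user-may-change"; return; fi
    if [ "$4" -lt $(( exp + $3 * $WEEK )) ]; then
        echo "expired-user-may-change"
    else
        echo "expired-admin-reset-required"
    fi
}

lu=$(printf '%s\n' "$SAMPLE" | attr lastupdate)
ma=$(printf '%s\n' "$SAMPLE" | attr maxage)
me=$(printf '%s\n' "$SAMPLE" | attr maxexpired)
ll=$(printf '%s\n' "$SAMPLE" | attr time_last_login)

echo "password aged out at epoch: $(expiry_epoch "$lu" "$ma")"
echo "state at time_last_login:   $(password_state "$lu" "$ma" "$me" "$ll")"
```

With the posted values the password was already past both the maxage and maxexpired windows at the recorded time_last_login, which makes how that account authenticates the next thing to check.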