root passwd expiration on AIX

aixguy · #1 (**permalink**) 05-18-2006

Hi Guys,

some one could help me on this that will be great .

I have AIX 5.1 . when ever u login as root .it says u r passwd is expiredchoose new passwd . I tried couple of times changeing the passwd .still it behaves every time u login it asks to change the passwd . i teied to lokk into passwd file, /etc/security/passwd , smitty user management ,but no use .

any body have any idea !!! how to set this passwd expiration !!!!!!!

thanks in advance
susesun

johnf · #2 (**permalink**) 05-19-2006

As long as you can still log in as root run the command pwdadm -c root this should cure the problem. However the user root should really change the password on a regular basis for good security practice. You need to look in the /etc/security/passwd file. This is where all the flags are kept such ADMCHG. Hope this is helpful.

kwliew999 · #3 (**permalink**) 06-29-2009

I understand that by running the command pwdadm -c user, the ADMCHG flags will be removed from /etc/security/passwd file. But in the first place, why it doesn't remove the flags after root id has changed the password?
Why we need to run this command of pwdadm -c to remove the flag ADMCHG manually?
Is there any patches need to be applied to permanently fix the problem?
I afraid whenever the root id been expired, the same problem will happen again.
Thanks.

shockneck · #4 (**permalink**) 06-30-2009

Quote:

Originally Posted by kwliew999

[...]by running the command pwdadm -c user, the ADMCHG flags will be removed from /etc/security/passwd file. But in the first place, why it doesn't remove the flags after root id has changed the password? Why we need to run this command of pwdadm -c to remove the flag ADMCHG manually?[...]

This is less a question of whether it would be technically possible but more a question of privacy. Depending on where you where brought up this might not be so obvious but where I live users prefer root not knowing their personal passwords. So while root can get around this little hurdle by removing the ADMCHG flag it is not the default. It has to be done intentionally which makes a difference from the legal perspective.

The ADMCHG flag is set if root changes another user's password. If that user changes his/her password (at first login) the ADMCHG flag is removed and the password is valid until it expires for some defined reason.
If you don't want a password to expire after a defined time set the maxage parameter to "0" in the user's settings. However, keeping a password forever is considered a security risk in certain environments.
From a mere technical point of view you could write a script to change password and run pwdadm in one step though.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
forgot root passwd	techbravo	Red Hat	12	07-21-2008 11:56 PM
How to set new Root Passwd	gini	SUN Solaris	2	12-05-2006 04:33 PM
Recover root passwd	gini	SUN Solaris	5	11-29-2006 08:09 AM
Need to change root passwd	mayewil	UNIX for Dummies Questions & Answers	4	10-27-2006 06:03 PM
Preventing passwd root?	scottsl	UNIX for Advanced & Expert Users	4	01-06-2006 12:32 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: