03-09-2009
If it's a password for an account which is only used for automated processing, an expiry period of 6 months is a bit much, especially if the account owner doesn't need to know the password (why is there one anyways). In that case I'd rather opt for a very, very complex password (max out length, use special characters as much as possible, ... something like ]?fb6#Z8"2a[{?(Cl+$? ) that's valid for the next 2 years or so.
Or, even better, if that password is used to remotely connect to a system, drop it altogether and switch to public key authentication with at least 2048 bit keys, those should be save for the next decade or so (just don't use an old Debian to generate them)
10 More Discussions You Might Find Interesting
1. AIX
Can anyone provide the pros and cons of having an NFS mount on an AIX server. Or direct me to documentation that provides this information. Thanks... (1 Reply)
Discussion started by: mcateriny
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
Is there any way to automate the reset of passwords.I mean can we write some scripts and do it. Would be great if anybody can help in this regards. (9 Replies)
Discussion started by: yakyaj
9 Replies
3. AIX
We are considering a DR strategy of booting AIX 5.3 and 5.3 logical partitions from EMC Symmetrix SAN disks, so that we can replicate via SRDF to a recovery site. Has anyone tried configuring AIX 5.x systems to boot from SAN disk? If so, can you provide any information on the pros and cons of... (6 Replies)
Discussion started by: jjgarrot
6 Replies
4. Shell Programming and Scripting
I am working on a script to automate and SFTP that I am currently doing to a company that does not allow for a .ssh profile to be created.
I have search and read about the -b option and am wondering if i can get some more information about it.
I tried to right a file containing the password... (3 Replies)
Discussion started by: jaycheetwood
3 Replies
5. Shell Programming and Scripting
Hello,
I need some assistance in trying to figure out the best way to automate user account password resets.
The environment is a mix of 2000 HP-ux, aix, linux, and sunos boxes.
The security specs are to reset pw's every 90 days.
Most boxes are only accessible from within a current ssh... (2 Replies)
Discussion started by: deviousdoses
2 Replies
6. UNIX for Advanced & Expert Users
Hi All,
We have a special requirement from our client, we need to automate one of the sftp job with password authentication. I know sftp can be automated with Key authentication, but this is not what I am looking for.
Can some body help me, a method like .netrc in FTP automation or like sftp... (6 Replies)
Discussion started by: shihabvk
6 Replies
7. Infrastructure Monitoring
I have some questions regarding ping
a. im planning to add all my servers to nagios for monitoring purposes. since nagios will do "PING" on the IP address (to check if UP or down), will there be affect on all my servers? say resource utilization, memory, etc? Will it add up or slow down the... (3 Replies)
Discussion started by: lhareigh890
3 Replies
8. UNIX for Dummies Questions & Answers
i am doing automation of report in unix. i am copying files from different server using scp command.. if i use scp its asking for password for copying files..is there any way to automate this password issue..
can anyone help me out???
tahnks in advance,
Arun Manas (4 Replies)
Discussion started by: arunmanas
4 Replies
9. Shell Programming and Scripting
Anyone has experience or study with Text User Interface and Curses::UI using Perl?
- What is the criteria to decide which method is better for a console based UI?
- Which DTL (dialog tag language) is supported by these?
The background is that I want to write a wrapper over some UNIX tools... (0 Replies)
Discussion started by: vikrantl
0 Replies
10. UNIX for Advanced & Expert Users
Hello,
Could anyone please enumerate some of the pros and cons to using a Journaled FileSystem?
---------- Post updated at 02:46 PM ---------- Previous update was at 02:45 PM ----------
I know clearly not losing data during a failed move or copy is a big pro, correct? Let's build off of... (8 Replies)
Discussion started by: glev2005
8 Replies
auth(5) File Formats Manual auth(5)
Name
auth - auth database
Description
The database is a repository of security-relevant information about each user of the system. This database contains the encrypted password
associated with the user's account in addition to a list of assorted capabilities. The database is stored as an database in the files and
Records are retrieved with the library routine. Access to the database is restricted to the superuser and members of the group
Auth records may be converted to an ASCII representation whose format is:
1000:4KvidFYwovnwp3j8lll78dC1:1920129:3600:2678400:03:0:1000:0:00:00
The first field is the UID of the entry that is used as the key into the database. Then follows:
Encrypted Password
This is the user's encrypted password. Whether this password or the one from the file is actually used is determined by the
security level that the system is running at.
Password Modification Time
This is the time(2) the password was last set.
Minimum Password Lifetime
This is the minimum number of seconds which must elapse between setting passwords.
Maximum Password Lifetime
This is the maximum period of time for which the password will be valid.
Account Mask These are capabilities pertaining to the account itself. They are:
1 A_ENABLE: this account is enabled.
2 A_CHANGE_PASSWORD: The user can change his or her password.
4 A_ENTER_PASSWORD: The user is not required to use machine-generated passwords.
Login Failure Count
This is the count of unsuccessful login attempts since the last successful login.
Audit ID Positive integer identifier used in generating audit records for the user.
Audit Control See the reference page, SET_APROC_CNTL section for more information.
Audit Mask Determines which events will be audited for the user. See the and reference pages for more information.
Restrictions
Only the superuser and members of the group may read information from the auth database. Only the superuser may modify the auth database.
Files
See Also
audcntl(2), getauthuid(3), getpwent(3), edauth(8)
auth(5)