Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: root passwd expiration on AIX
Operating Systems AIX root passwd expiration on AIX Post 302330009 by shockneck on Tuesday 30th of June 2009 03:03:31 AM
Old 06-30-2009
Quote:
Originally Posted by kwliew999
[...]by running the command pwdadm -c user, the ADMCHG flags will be removed from /etc/security/passwd file. But in the first place, why it doesn't remove the flags after root id has changed the password? Why we need to run this command of pwdadm -c to remove the flag ADMCHG manually?[...]
This is less a question of whether it would be technically possible but more a question of privacy. Depending on where you where brought up this might not be so obvious but where I live users prefer root not knowing their personal passwords. So while root can get around this little hurdle by removing the ADMCHG flag it is not the default. It has to be done intentionally which makes a difference from the legal perspective.

The ADMCHG flag is set if root changes another user's password. If that user changes his/her password (at first login) the ADMCHG flag is removed and the password is valid until it expires for some defined reason.
If you don't want a password to expire after a defined time set the maxage parameter to "0" in the user's settings. However, keeping a password forever is considered a security risk in certain environments.
From a mere technical point of view you could write a script to change password and run pwdadm in one step though.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Preventing passwd root?

I knew it would happen sooner or later.... We have a requirement that specific individuals need "sudo root" authority. I knew it only a matter of time before someone decided to change the root password (at least they owned up to it). Now the question is how can I grant all rights except... (4 Replies)
Discussion started by: scottsl
4 Replies

2. UNIX for Dummies Questions & Answers

Dont have the root passwd for Solaris 8

Hello chiefs :) I have a SUN Enterprise 250, running Solaris 8.5 - I have managed to be able to connect a dumb terminal to the box via a standard straight-through rj45 cable, to my ibm laptop. OK so Putty can connect to the box via ssh - nice! But I dont have the password for root - or any... (1 Reply)
Discussion started by: congo
1 Replies

3. UNIX for Dummies Questions & Answers

Need to change root passwd

I booted up Sun V240 server with boot cdrom -s using the Sun Operating System CD. I now am at the # prompt and su - root . The system will not allow me to set password for root. Get following error: # passwd New Password: xxxxxxxx Re-enter new Password: xxxxxxxx passwd: Unexpected failure. ... (4 Replies)
Discussion started by: mayewil
4 Replies

4. Solaris

Recover root passwd

Any body pls let me know the procedure to recover ROOT password in Sun Netra 20 Server..I forgot the password. (5 Replies)
Discussion started by: gini
5 Replies

5. Solaris

How to set new Root Passwd

I forget the Root Passwd of my Sun Netra 20 server and break the same by editing /etc/shadow.Now there is no passwd for Root. And How to set new root passwd?Pls help.... (2 Replies)
Discussion started by: gini
2 Replies

6. UNIX for Dummies Questions & Answers

hw to reterive root passwd

heyy i forgot my root passwd but i cant reinstall due to some reason can anyone tell me hw to reterive root passwd (10 Replies)
Discussion started by: mightypp.nits
10 Replies

7. UNIX for Dummies Questions & Answers

How to edit the /etc/passwd file not using root?

Hi All, Today I faced a problem trying to log in as root. The output error is cannot execute sh: No such file.... I doubted there is something wrong with shell interpreter which resides in /etc/passwd file for every user who logs in. I checked and the line for root account was... (4 Replies)
Discussion started by: elthox
4 Replies

8. Red Hat

forgot root passwd

hi i have a RHEL 4 and have forgot root passwd tried to boot in by singel user and then changing the passwd but it's not letting me do that ......throwing some weird error as .......manipulation i also tried to make a new user from CLI but even though it's not letting me in from that user as... (12 Replies)
Discussion started by: techbravo
12 Replies

9. Red Hat

Root shell in /etc/passwd is corrupted

I accidentally changed root shell from /bin/bash to bash in /etc/password, then logged out from root. Now I can't login as root and got "No shell" error, although I have root password. "su -f -s /bin/bash" command does NOT work. There is no GUI interface for this system. My question: Do I have... (7 Replies)
Discussion started by: aixlover
7 Replies

10. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

LEARN ABOUT SUSE

shadow

SHADOW(5)							File Formats Manual							 SHADOW(5)

NAME

       shadow - encrypted password file

DESCRIPTION

       shadow contains the encrypted password information for user's accounts and optional the password aging information. Included is

	    Login name

	    Encrypted password

	    Days since Jan 1, 1970 that password was last changed

	    Days before password may be changed

	    Days after which password must be changed

	    Days before password is to expire that user is warned

	    Days after password expires that account is disabled

	    Days since Jan 1, 1970 that account is disabled

	    A reserved field

       The  password  field must be filled. The encryped password consists of 13 to 24 characters from the 64 characters alphabet a thru z, A thru
       Z, 0 thru 9, . and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES)
       algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used.

       Refer to crypt(3) for details on how this string is interpreted.

       The  date  of  the  last  password change is given as the number of days since Jan 1, 1970. The password may not be changed again until the
       proper number of days have passed, and must be changed after the maximum number of days.  If the minimum number of days required is greater
       than the maximum number of day allowed, this password may not be changed by the user.

       An  account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the pass-
       word expires.  An account will also be disabled on the specified day regardless of other password expiration information.

       This information supercedes any password or password age information present in /etc/passwd.

       This file must not be readable by regular users if password security is to be maintained.

FILES

       /etc/passwd    - user account information
       /etc/shadow    - encrypted user passwords

SEE ALSO

       chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)

AUTHOR

       Julianne Frances Haugh (jockgrrl@ix.netcom.com)

																	 SHADOW(5)
All times are GMT -4. The time now is 02:07 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy