06-30-2009
Quote: Originally Posted by kwliew999
[...]by running the command pwdadm -c user, the ADMCHG flags will be removed from /etc/security/passwd file. But in the first place, why it doesn't remove the flags after root id has changed the password? Why we need to run this command of pwdadm -c to remove the flag ADMCHG manually?[...]
This is less a question of whether it would be technically possible but more a question of privacy. Depending on where you were brought up this might not be so obvious but where I live users prefer root not knowing their personal passwords. So while root can get around this little hurdle by removing the ADMCHG flag it is not the default. It has to be done intentionally which makes a difference from the legal perspective.
The ADMCHG flag is set if root changes another user's password. If that user changes his/her password (at first login) the ADMCHG flag is removed and the password is valid until it expires for some defined reason.
If you don't want a password to expire after a defined time set the maxage parameter to "0" in the user's settings. However, keeping a password forever is considered a security risk in certain environments.
From a mere technical point of view you could write a script to change password and run pwdadm in one step though.
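An audit sketch for the ADMCHG behaviour discussed in this thread, added here as an example and not part of the original post: it lists every account whose stanza still carries ADMCHG (a password set by root that the user has not yet replaced) and how many days ago it was set. The stanza layout of /etc/security/passwd shown in the sample, the helper names and the sample data are assumptions; the data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. admchg_report and sample_passwd are
# hypothetical names; the stanza layout is the one assumed in the sample below.
# Usage: admchg_report FILE NOW_EPOCH -> "user days_since_lastupdate" per ADMCHG stanza
admchg_report() {
    awk -v now="$2" '
        function report() {
            if (user != "" && admchg)
                print user, (last != "" ? int((now - last) / 86400) : "unknown")
        }
        /^[A-Za-z0-9_.-]+:[ \t]*$/ {      # stanza header "name:"
            report()
            user = $1; sub(/:$/, "", user); admchg = 0; last = ""
            next
        }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "lastupdate") last = val
            if (key == "flags") {
                m = split(val, f, ",")
                for (i = 1; i <= m; i++) if (f[i] == "ADMCHG") admchg = 1
            }
        }
        END { report() }
    ' "$1"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
alice:
        password = CONSTRUCTEDHASH1
        lastupdate = 1242432000
        flags = ADMCHG
bob:
        lastupdate = 1246000000
        flags =
carol:
        lastupdate = 1246147100
        flags = ADMIN,ADMCHG
dave:
        flags = ADMCHG
EOF
}

f=$(mktemp) && sample_passwd > "$f" && admchg_report "$f" 1246320000; rm -f "$f"
```

A large day count next to an account means a root-chosen password has been sitting unchanged, which is the situation the flag exists to make visible.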
SHADOW(5) File Formats Manual SHADOW(5)
NAME
shadow - encrypted password file
DESCRIPTION
shadow contains the encrypted password information for users' accounts and, optionally, the password aging information. Included is
Login name
Encrypted password
Days since Jan 1, 1970 that password was last changed
Days before password may be changed
Days after which password must be changed
Days before password is to expire that user is warned
Days after password expires that account is disabled
Days since Jan 1, 1970 that account is disabled
A reserved field
The password field must be filled. The encrypted password consists of 13 to 24 characters from the 64-character alphabet a thru z, A thru
Z, 0 thru 9, . and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES)
algorithm. For example, if it starts with "$1$" it means the MD5-based algorithm was used.
Refer to crypt(3) for details on how this string is interpreted.
The date of the last password change is given as the number of days since Jan 1, 1970. The password may not be changed again until the
proper number of days have passed, and must be changed after the maximum number of days. If the minimum number of days required is greater
than the maximum number of days allowed, this password may not be changed by the user.
An account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the
password expires. An account will also be disabled on the specified day regardless of other password expiration information.
This information supersedes any password or password age information present in /etc/passwd.
This file must not be readable by regular users if password security is to be maintained.
FILES
/etc/passwd - user account information
/etc/shadow - encrypted user passwords
SEE ALSO
chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)
AUTHOR
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
SHADOW(5)
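The field rules in the manual page above, applied as an audit over shadow entries. This is an added example, not part of the manual page: it reports each login's hash scheme from the prefix rule and the aging state that follows from the day-count fields. The helper names are hypothetical and the sample entries are constructed, with placeholder hash strings.

```shell
#!/bin/sh
# Added example, not part of the manual page. shadow_audit and sample_shadow
# are hypothetical names. TODAY is in days since Jan 1, 1970.
# Usage: shadow_audit FILE TODAY -> "login scheme status[,status...]"
shadow_audit() {
    awk -F: -v today="$2" '
        /^#/ || NF < 9 { next }
        {
            pw = $2; last = $3; min = $4; max = $5; inact = $7; expire = $8
            # Scheme from the prefix rule: "$1$" is MD5, other "$" is non-DES.
            if (substr(pw, 1, 3) == "$1$") scheme = "md5"
            else if (substr(pw, 1, 1) == "$") scheme = "non-des"
            else if (pw ~ "^[a-zA-Z0-9./]+$" && length(pw) >= 13 && length(pw) <= 24)
                scheme = "des"
            else scheme = "unrecognised"
            st = ""
            if (min != "" && max != "" && min + 0 > max + 0)
                st = st ",user-cannot-change"
            if (last != "" && max != "" && today > last + max) {
                st = st ",password-expired"
                if (inact != "" && today > last + max + inact)
                    st = st ",inactive-disabled"
            }
            if (expire != "" && today >= expire + 0)
                st = st ",account-disabled"
            print $1, scheme, (st == "" ? "ok" : substr(st, 2))
        }
    ' "$1"
}

# Constructed sample entries; the hash strings are placeholders.
sample_shadow() {
    cat <<'EOF'
alice:$1$CONSTRUCT$placeholderplaceholder:14400:0:90:7:14::
bob:AAconstructed:14300:0:90:7:14::
carol:$6$CONSTRUCT$placeholder:14420:10:5:7:::
dave:$1$CONSTRUCT$placeholderplaceholder:14000:0:99999:7::14000:
EOF
}

f=$(mktemp) && sample_shadow > "$f" && shadow_audit "$f" 14425; rm -f "$f"
```

Entries reported as des or md5 are the ones to prioritise for rehashing, since both schemes are weak against offline guessing if the file is ever read.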