10-25-2012
Yes, these behaviors were created to discourage bad practices.
We assume that administrators know how to protect passwords. New user passwords should be pre-expired so they must be changed, and the accounts should be locked if the password gets too old, saying they never logged in to change it and it has been lying around out there in an email or voice mail or text message. All passwords should change periodically, and be strong. Carefully controlled facilities like well configured sudo or pbsu mean no password needs to be shared. Of course, shared ssh keys can be just as bad.
SHADOW(5) File Formats and Conversions SHADOW(5)
NAME
shadow - shadowed password file
DESCRIPTION
shadow is a file which contains the password information for the system's accounts and optional aging information.
This file must not be readable by regular users if password security is to be maintained.
Each line of this file contains 9 fields, separated by colons (":"), in the following order:
login name
It must be a valid account name, which exists on the system.
encrypted password
Refer to crypt(3) for details on how this string is interpreted.
If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to
use a unix password to log in (but the user may log in the system by other means).
This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some
applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty.
A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line
represent the password field before the password was locked.
date of last password change
The date of the last password change, expressed as the number of days since Jan 1, 1970.
The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system.
An empty field means that password aging features are disabled.
minimum password age
The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.
An empty field and value 0 mean that there is no minimum password age.
maximum password age
The maximum password age is the number of days after which the user will have to change her password.
After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time
she will log in.
An empty field means that there is no maximum password age, no password warning period, and no password inactivity period (see below).
If the maximum password age is lower than the minimum password age, the user cannot change her password.
password warning period
The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.
An empty field and value 0 mean that there is no password warning period.
password inactivity period
The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted
(and the user should update her password during the next login).
After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The
user should contact her administrator.
An empty field means that there is no enforcement of an inactivity period.
account expiration date
The date of expiration of the account, expressed as the number of days since Jan 1, 1970.
Note that an account expiration differs from a password expiration. In case of an account expiration, the user shall not be allowed to
login. In case of a password expiration, the user is not allowed to login using her password.
An empty field means that the account will never expire.
The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970.
reserved field
This field is reserved for future use.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/shadow-
Backup file for /etc/shadow.
Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools.
SEE ALSO
chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8), su(1), sulogin(8).
shadow-utils 4.5 01/25/2018 SHADOW(5)
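The nine-field layout and aging rules in shadow(5) above, applied as a small audit check. This is an added example, not code from the forum post or from shadow-utils; the finding labels, the function names and the sample lines are constructed for illustration, and it reports the states the post asks administrators to enforce (pre-expired new passwords, refusal of passwords that are too old).

```python
FIELDS = "login hash lastchg min max warn inactive expire reserved".split()

def audit_shadow_line(line, today):
    """Audit one shadow line; today = days since Jan 1, 1970 (time.time() // 86400)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError("expected 9 colon-separated fields")
    e = dict(zip(FIELDS, parts))
    # An empty numeric field means the feature is disabled, not zero.
    n = {k: int(e[k]) if e[k] else None
         for k in ("lastchg", "min", "max", "inactive", "expire")}
    out = []
    if e["hash"] == "":
        out.append("empty-password")
    elif e["hash"].startswith("!"):
        out.append("password-locked")
    elif e["hash"] == "*":
        out.append("no-password-login")
    if n["lastchg"] is None:
        out.append("aging-disabled")
    elif n["lastchg"] == 0:
        out.append("must-change-at-next-login")
    elif n["max"] is None:
        out.append("no-maximum-age")
    else:
        if n["min"] is not None and n["max"] < n["min"]:
            out.append("max-below-min")
        age = today - n["lastchg"]
        # Boundary-day handling (> vs >=) is a choice of this example.
        if n["inactive"] is not None and age > n["max"] + n["inactive"]:
            out.append("password-expired-login-refused")
        elif age > n["max"]:
            out.append("password-expired-change-required")
    if n["expire"] == 0:
        out.append("ambiguous-account-expiry")
    elif n["expire"] is not None and today >= n["expire"]:
        out.append("account-expired")
    return e["login"], out

# Constructed sample lines (not real accounts or hashes).
SAMPLE = """newhire:$6$salt$hashplaceholder:0:0:90:7:14::
stale:$6$salt$hashplaceholder:18000:0:90:7:14::
svc:!$6$salt$hashplaceholder:18900:0:99999:7:::
guest::18900::::::
temp:$6$salt$hashplaceholder:18990:1:90:7::18500:
"""

def audit(text, today):
    return dict(audit_shadow_line(l, today) for l in text.splitlines() if l)
```

Run it as root against the real file with `audit(open("/etc/shadow").read(), int(time.time()) // 86400)` after importing `time`.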