01-13-2014
/etc/shadow format is:
username:password:lastchg:min:max:warn:inactive:expire:flag
warn is number of days before expiring the password and user is warned.
You can change this with passwd -w 7 username (7 days for example).
You must have also max configured.
You can check your setup either by grep username /etc/shadow or passwd -s username
Above of course applies to files based authentication.
If you have lastcheck and max days time in /etc/shadow then you can try to calculate when the account was locked.
I'm not sure is theere any logs about account locking.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have this problem. Two accounts in an aix. Account A expired and it would auto prompt for new password when the user failed to log in, but Account B would not prompt for the new password. Instead it will only display "your account is expired. Please contact your administrator". I would like to... (1 Reply)
Discussion started by: mayyap
1 Replies
2. UNIX for Advanced & Expert Users
Hi,
Can anybody tell me a way to do ssh , without prompting for password from keyboard, Using RSA. The requirement is I need to create the key , using passphrase also.....
Is there any way to do it in UNIX ?
I am doing it from AIX machine , but remote machine is Linux
I tried... (8 Replies)
Discussion started by: shihabvk
8 Replies
3. UNIX for Dummies Questions & Answers
I have the problem with SFTP; BELOW IS the entry from my ssh_config file
It's prompting me for password all the time when using SFTP. pLEASE help. (1 Reply)
Discussion started by: dsravan
1 Replies
4. UNIX for Advanced & Expert Users
I am trying to copy a file from remote machine using scp. I followed the steps to configure public/private key usage. But still prompting for password when I do ssh.
I did the following steps to configure scp without asking password
Step 1 : local host > ssh-keygen -t rsa and when prompted... (9 Replies)
Discussion started by: satish@123
9 Replies
5. Shell Programming and Scripting
hi guys, is there any way to run a script using su - without prompting a password?
ex: su - $APPSUSERNAME/$APPSUSERPASSWORD stop_apps.sh
my purpose here is to run a script with current dbuser. thanks in advance. (3 Replies)
Discussion started by: d3xt3r
3 Replies
6. Shell Programming and Scripting
Hi,
I have SVN installed in my UNIX solaris server.
I actually automated the process that downloads code from SVN server to UNIX solaris server in script. When i run the script, its asking for password to download every element.
Its really difficult to type password for every element when... (3 Replies)
Discussion started by: gthangav
3 Replies
7. Shell Programming and Scripting
Hi,
When i am trying to connect to other server using ssh coomand, it is prompting for password.
But i want to hardcode it with username so that it should not prompt for password.
And i dont want to use "ssh-keygen" method as it is not allowed.
Please help me.
Regards,
Mukta (7 Replies)
Discussion started by: Mukta
7 Replies
8. Shell Programming and Scripting
Hi All,
I am trying to transfer a file from one server to a remote server using SFTP. Client is not ready for key setup.
I am working on Solaris 10.
Here is the code.
#!/bin/ksh
# sample automatic Sftp script to dump a file
USER="user1"
PASSWORD="pass1"
HOST="host1"
sftp $USER@$HOST... (6 Replies)
Discussion started by: megha2525
6 Replies
9. UNIX for Dummies Questions & Answers
Dear unix experts,
i have a requirement as below.
i need to use SFTP as FTP.
ftp -n -v << ENDFTP
open test_ftp.server
user ftp_user_name ftp_password
quit
ENDFTP
if i use this in a shell script, it's not asking for password. But i want the similar thing achived using... (5 Replies)
Discussion started by: AraR87
5 Replies
10. Shell Programming and Scripting
// Red Hat Enterprise Linux Server release 6.7
I wanted to pass the password, but when I execute this cron, it stops at Password: prompt.
Please advise on how to fix the error. Thank you for tour help in advance.
#!/usr/bin/ksh
su - pmserver
echo "su - pmserver"
cd... (2 Replies)
Discussion started by: Daniel Gate
2 Replies
shadow(4) shadow(4)
NAME
shadow - shadow password file
/etc/shadow is an access-restricted ASCII system file that stores users' encrypted passwords and related information. The shadow file can
be used in conjunction with other shadow sources, including the NIS maps passwd.byname and passwd.byuid and the NIS+ table passwd. Programs
use the getspnam(3C) routines to access this information.
The fields for each user entry are separated by colons. Each user is separated from the next by a newline. Unlike the /etc/passwd file,
/etc/shadow does not have general read permission.
Each entry in the shadow file has the form:
username:password:lastchg:min:max:warn:inactive:expire:flag
The fields are defined as follows:
username The user's login name (UID).
password An encrypted password for the user generated by crypt(3C), a lock string to indicate that the login is not accessible, or
no string, which shows that there is no password for the login.
The lock string is defined as *LK* in the first four characters of the password field.
lastchg The number of days between January 1, 1970, and the date that the password was last modified. The lastchg value is a deci-
mal number, as interpreted by atol(3C).
min The minimum number of days required between password changes. This field must be set to 0 or above to enable password
aging.
max The maximum number of days the password is valid.
warn The number of days before password expires that the user is warned.
inactive The number of days of inactivity allowed for that user. This is counted on a per-machine basis; the information about the
last login is taken from the machine's lastlog file.
expire An absolute date expressed as the number of days since the Unix Epoch (January 1, 1970). When this number is reached the
login can no longer be used. For example, an expire value of 13514 specifies a login expiration of January 1, 2007.
flag Failed login count in low order four bits; remainder reserved for future use, set to zero.
A value of -1 for min, max, or warn disables password aging.
The encrypted password consists of at most CRYPT_MAXCIPHERTEXTLEN characters chosen from a 64-character alphabet (., /, 0-9, A-Z, a-z). Two
additional special characters, "$" and ",", can also be used and are defined in crypt(3C). To update this file, use the passwd(1), user-
add(1M), usermod(1M), or userdel(1M) commands.
In order to make system administration manageable, /etc/shadow entries should appear in exactly the same order as /etc/passwd entries; this
includes ``+'' and ``-'' entries if the compat source is being used (see nsswitch.conf(4)).
Values for the various time-related fields are interpreted as Greenwich Mean Time.
/etc/shadow shadow password file
/etc/passwd password file
/etc/nsswitch.conf name-service switch configuration file
/var/adm/lastlog time of last login
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Stable |
+-----------------------------+-----------------------------+
login(1), passwd(1), useradd(1M), userdel(1M), usermod(1M), atol(3C), crypt(3C), crypt_gensalt(3C), getspnam(3C), putspent(3C), nss-
witch.conf(4), passwd(4), attributes(5), pam_unix_account(5), pam_unix_auth(5)
If password aging is turned on in any name service the passwd: line in the /etc/nsswitch.conf file must have a format specified in the nss-
witch.conf(4) man page.
If the /etc/nsswitch.conf passwd policy is not in one of the supported formats, logins will not be allowed upon password expiration,
because the software does not know how to handle password updates under these conditions. See nsswitch.conf(4) for additional information.
15 Sep 2005 shadow(4)