03-25-2015
It's probably easiest just tell them that the policy has to be that way. If they request a new password or an unlock of an account then they are forced to pick a new one and you have control of the rules about complexity, history etc.
An alternate would be to intercept the passwd command and log every action on it. That might give you a history of when people last changed password.
Do either of these help?
Robin
This User Gave Thanks to rbatte1 For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello, was looking for some help on extracting a field from the passwd file.
So far I have made a copy of the passwd file and changed my rights so I can edit it. Every user's password is coded as an :x:, and my goal was to change that x to a blank, and then try to extract any user with that field... (2 Replies)
Discussion started by: xBuRnTx
2 Replies
2. UNIX for Dummies Questions & Answers
I've encountered shadow files where the "lastchg" parameters are set to NULL and also zero (0) for some Solaris machines (one running v10, one running v8).
I was wondering what impact this has on password ageing, and therefore enforced password change.
Does the NULL mean the account has never... (0 Replies)
Discussion started by: Lampers
0 Replies
3. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (11 Replies)
Discussion started by: avklinux
11 Replies
4. Solaris
i wonder if there is a tool to read the /etc/passwd or /etc/shadow files in order to reset user accounts to the same one.
By moving (restore) all filessytem and data to another same Sun box, none of the users are able to logon to the new box which i didn't change nothing. But if i reset the user... (1 Reply)
Discussion started by: lamoul
1 Replies
5. UNIX for Advanced & Expert Users
I'm trying to make this work, and it half works. Accounts with password hashes matching the old crypt(3) algorithm work just fine:
JUpfW/w6jo6aw
But accounts with longer password hashes preceded by $1$, such as the following, do not work:
$1$iIcbppdP$HDyjJeVMGgJ.ovLsnjtTR.... (0 Replies)
Discussion started by: davidstvz
0 Replies
6. Solaris
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies
7. Solaris
Hi , can anyone explain me the difference between /etc/shadow and /etc/default/passwd . As per my knowledge both the files are used for password aging and control parameters. (2 Replies)
Discussion started by: rogerben
2 Replies
8. Solaris
Hi experts,
Can somebody explain, what is 9th field in /etc/shadow ? The last digit - (5 Replies)
Discussion started by: solaris_1977
5 Replies
9. UNIX for Advanced & Expert Users
hi, all
I just started on new box where I have to diff passwd working perfectly on the very same account/user. I see that shadow was added recently (I'm not a root in there), I see 'x' in passwd. Not sure how it should work, should I change old passwd for one defined in shadow? Or it's fine to... (20 Replies)
Discussion started by: trento17
20 Replies
10. Solaris
Hi all..
I moved the /etc/shadow and /etc/shadow files to /tmp and then rebooted my PARC machine running 5.10. I did it to see if I could recover from single user mode.
But, I forgot to enable the abort key-sequence which I earlier disabled.
Stuck!
One of my gurus told I had to... (9 Replies)
Discussion started by: satish51392111
9 Replies
shadow(4) Kernel Interfaces Manual shadow(4)
NAME
shadow - shadow password file
SYNOPSIS
DESCRIPTION
The file is created from the file by the command. It is readable only by a privileged user. It can be modified by the and commands. Pro-
grams may use the interfaces described in the getspent(3C) manpage to access this information. These functions return a pointer to an
structure, which is defined in the header file.
Fields
The file is an ASCII file consisting of any number of user entries separated by newlines. Each user entry line consists of the following
fields separated by colons:
login name Each login name must match a login name in puts the user entries in in the same order as the entries.
encrypted password
The password field of each entry contains an "x", and the actual encrypted passwords reside in The encrypted password field
consists of 13 characters chosen from a 64-character set of "digits". The characters used to represent "digits" are for 0,
for 1, through for 2 through 11, through for 12 through 37, and through for 38 through 63.
If the SHA11i3 product is installed, the password field may contain the prefix , where n is a label identifying an alterna-
tive algorithm used for the password hash. Using the new algorithm results in an encrypted password field which is longer
than 13 characters. The password field will consist of digits from the same 64-character set, as well as the additional
character used as a delimiter.
If this field is null, then there is no password and no password is demanded on login. Login can be prevented by entering a
character that is not a part of the set of digits (such as *).
last change
The number of days since January 1, 1970 that the password was last modified.
min days
The minimum period in days that must expire before the password can be changed. See also in security(4) and the command in
passwd(1).
max days
The maximum number of days for which a password is valid. A user who attempts to login after his password has expired is
forced to supply a new one. If min days and max days are both zero, the user is forced to change his password the next time
he logs in. If min days is greater than max days, then the password cannot be changed. These restrictions do not apply to
the superuser. See also in security(4) and the command in passwd(1).
warn days
The number of days the user is warned before his password expires. See also in security(4) and the command in passwd(1).
inactivity
The maximum number of days of inactivity allowed. This field is set with the option of either the or command. If this value
is greater than zero, then the account is locked if there have been no logins to the account for at least the specified num-
ber of days. If this value is less than or equal to zero, the value is determined by the attribute. See the description of
in security(4).
expiration
The absolute number of days since Jan 1, 1970 after which the account is no longer valid. A value of zero in this field
indicates that the account is locked.
reserved
The reserved field is always zero and is reserved for future use.
Notes
The file is not applicable to a system which has been converted to a trusted system.
WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
FILES
system password file
shadow password file
SEE ALSO
login(1), passwd(1), pwconv(1M), pwunconv(1M), useradd(1M), userdel(1M), usermod(1M), crypt(3C), getspent(3C), putspent(3C), nss-
witch.conf(4), passwd(4), security(4).
shadow(4)