Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: passwd policies
Top Forums UNIX for Dummies Questions & Answers passwd policies Post 41650 by scottl on Friday 10th of October 2003 09:35:40 AM
Old 10-10-2003
passwd policies
Hi Guys,

i want to ask how i can add a special policies for users.
for example i want so say that each user must chnage the password every 4 weeks the password should have min 5 chacaters ........

passwd -n DAYS ....... and which string is for the min password lenght ......

many thx!
 

5 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

no /etc/passwd

Hello ppl, A small mistake of mine has led the /etc/passwd file deleted. So i went to rescue mode and used the following command echo "root::0:0:Superuser:/:/bin/bash" > passwd but that did not get effect in anyway way. when I switch back to normal mode the root is still asking for a passwd.... (3 Replies)
Discussion started by: cyno
3 Replies

2. UNIX for Dummies Questions & Answers

How to implement password policies?

How would i ensure that whenever any user changes the password it should meet following. It should be more than 7 Characters. Atleast one Upper case character,digit and special character present. Password is not same as username or dictionary word . User should get email after changing his... (2 Replies)
Discussion started by: pinga123
2 Replies

3. Solaris

passwd cmd reenables passwd aging in shadow entry

Hi Folks, I have Solaris 10, latest release. We have passwd aging set in /etc/defalut/passwd. I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging. When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies

4. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

5. Shell Programming and Scripting

passwd -s

Hi, I've a problem regarding understanding of result of passwd -s command. > passwd -s abc PS 05/24/12 0 441 I'm not a super user. But i need to write a simple code for checking password expiry and send an email to the team id. Is there any other command or way to achieve this?... (6 Replies)
Discussion started by: sam_bd
6 Replies

LEARN ABOUT OSX

pwpolicy

pwpolicy(8)						    BSD System Manager's Manual 					       pwpolicy(8)

NAME

     pwpolicy -- gets and sets password policies

SYNOPSIS

     pwpolicy [-h]
     pwpolicy [-v] [-a authenticator] [-p password] [-u username | -c computername] [-n nodename] command command-arg
     pwpolicy [-v] [-a authenticator] [-p password] [-u username | -c computername] [-n nodename] command "policy1=value1 policy2=value2 ..."

DESCRIPTION

     pwpolicy manipulates password policies.

   Options
     -a    name of the authenticator

     -c    name of the computer account to modify

     -p    password (omit this option for a secure prompt)

     -u    name of the user account to modify

     -n    use a specific directory node; the search node is used by default.

     -v    verbose

     -h    help

   Commands
     -getglobalpolicy		  Get global policies
     -setglobalpolicy		  Set global policies
     -getpolicy 		  Get policies for a user
     --get-effective-policy	  Gets the combination of global and user policies that apply to the user.
     -setpolicy 		  Set policies for a user
     -setpolicyglobal		  Set a user account to use global policies
     -setpassword		  Set a new password for a user. Non-administrators can use this command to change their own passwords.
     -enableuser		  Enable a user account that was disabled by a password policy event.
     -disableuser		  Disable a user account.
     -getglobalhashtypes	  Returns the default list of password hashes stored on disk for this system.
     -setglobalhashtypes	  Edits the default list of password hashes stored on disk for this system.
     -gethashtypes		  Returns a list of password hashes stored on disk for a user account.
     -sethashtypes		  Edits the list of password hashes stored on disk for a user account.
     -0 through -7		  Shortcuts for the above commands (in order).

   Global Policies
     usingHistory		       0 = user can reuse the current password, 1 = user cannot reuse the current password, 2-15 = user cannot re-
				       use the last n passwords.
     usingExpirationDate	       If 1, user is required to change password on the date in expirationDateGMT
     usingHardExpirationDate	       If 1, user's account is disabled on the date in hardExpireDateGMT
     requiresAlpha		       If 1, user's password is required to have a character in [A-Z][a-z].
     requiresNumeric		       If 1, user's password is required to have a character in [0-9].
     expirationDateGMT		       Date for the password to expire, format must be: mm/dd/yy
     hardExpireDateGMT		       Date for the user's account to be disabled, format must be: mm/dd/yy
     validAfter 		       Date for the user's account to be enabled, format must be: mm/dd/yy
     maxMinutesUntilChangePassword     user is required to change the password at this interval
     maxMinutesUntilDisabled	       user's account is disabled after this interval
     maxMinutesOfNonUse 	       user's account is disabled if it is not accessed by this interval
     maxFailedLoginAttempts	       user's account is disabled if the failed login count exceeds this number
     minChars			       passwords must contain at least minChars
     maxChars			       passwords are limited to maxChars

   Additional User Policies
     isDisabled 		  If 1, user account is not allowed to authenticate, ever.
     isAdminUser		  If 1, this user can administer accounts on the password server.
     newPasswordRequired	  If 1, the user will be prompted for a new password at the next authentication. Applications that do not support
				  change password will not authenticate.
     canModifyPasswordforSelf	  If 1, the user can change the password.

   Stored Hash Types
     CRAM-MD5		   Required for IMAP.
     RECOVERABLE	   Required for APOP and WebDAV. Only available on Mac OS X Server edition.
     SALTED-SHA512-PBKDF2  The default for loginwindow.
     SALTED-SHA512	   Legacy hash for loginwindow.
     SMB-NT		   Required for compatibility with Windows NT/XP file sharing.
     SALTED-SHA1	   Legacy hash for loginwindow.
     SHA1		   Legacy hash for loginwindow.

EXAMPLES

     To get global policies:

	   pwpolicy -getglobalpolicy

     To set global policies:

	   pwpolicy -a authenticator -setglobalpolicy "minChars=4 maxFailedLoginAttempts=3"

     To get policies for a specific user account:

	   pwpolicy -u user -getpolicy
	   pwpolicy -u user -n /NetInfo/DefaultLocalNode -getpolicy

     To set policies for a specific user account:

	   pwpolicy -a authenticator -u user -setpolicy "minChars=4 maxFailedLoginAttempts=3"

     To change the password for a user:

	   pwpolicy -a authenticator -u user -setpassword newpassword

     To set the list of hash types for local accounts:

	   pwpolicy -a authenticator -setglobalhashtypes SMB-LAN-MANAGER off SMB-NT on

SEE ALSO

     PasswordService(8)

Mac OS X Server 						 13 November 2002						   Mac OS X Server
All times are GMT -4. The time now is 02:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy