Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Passwd History in Solaris 8
Operating Systems Solaris Passwd History in Solaris 8 Post 61644 by pressy on Monday 7th of February 2005 05:25:42 AM
Old 02-07-2005
............
Quote:
One of the Solaris gurus will clear this up for you I'm sure.
;-)

hiho,
it is a default behavior in solaris 7,8 and 9 if aging is sufficient to ensure that the new password meets construcion requirements.
Passwords must be constructed to meet the following requirements:

*Each password must have PASSLENGTH characters, where PASSLENGTH is defined in /etc/default/passwd and is set to 6. Only the first eight characters are significant.
*Each password must contain at least two alphabetic characters and at least one numeric or special character. In this case, "alphabetic" refers to all upper or lower case letters.
*Each password must differ from the user's login name and any reverse or circular shift of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
*New passwords must differ from the old by at least three characters. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.

so take a look into your /etc/default/passwd file where you can set these options:
MAXWEEKS; MINWEEKS; PASSLENGTH, WARNWEEKS
these rules do not effect the root account!



greetings pressy
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

clear passwd history without ...

how do I clear passwd history of a user without compromising the audit trail for security? in a nutshell, user abc wants to re-use his passwd ( he is not savvy with computers ) (4 Replies)
Discussion started by: A Stewart
4 Replies

2. UNIX for Dummies Questions & Answers

Dont have the root passwd for Solaris 8

Hello chiefs :) I have a SUN Enterprise 250, running Solaris 8.5 - I have managed to be able to connect a dumb terminal to the box via a standard straight-through rj45 cable, to my ibm laptop. OK so Putty can connect to the box via ssh - nice! But I dont have the password for root - or any... (1 Reply)
Discussion started by: congo
1 Replies

3. Solaris

Command history in Solaris

Can someone tell me what I can do to maintain a single history file ? As it is it creates a new file for each session. >ls -a .sh_* .sh_history.10106 .sh_history.15240 .sh_history.21635 .sh_history.4291 .sh_history.11311 .sh_history.16593 .sh_history.23709 .sh_history.4661... (3 Replies)
Discussion started by: jxh461
3 Replies

4. Solaris

solaris 10 vi history

i got solaris 10 DVD and i install it on intel 64. how do i set history to vi for command line? i can use backup space as well, it goes with "^H". this won't work, export EDITOR=vi, it response with not an identifier. thanks itik (4 Replies)
Discussion started by: itik
4 Replies

5. UNIX for Advanced & Expert Users

change passwd remotely in solaris 10

i'm trying to change passwd remotely in unix (solaris) and tried using "expect" but it is not working. Any ideas to change the passwd remotely using a shell script? (1 Reply)
Discussion started by: pharos467
1 Replies

6. Solaris

solaris 8 passwd

Dear all, One one of the systems running solaris 8 the oracle account has a issue when trying to set the passwd. Following is what i get when the passwd command is executed. :/opt/oracle> passwd Enter existing login password: System configuration error. Please contact your administrator.... (1 Reply)
Discussion started by: earlysame55
1 Replies

7. Solaris

Solaris passwd problem

Hi, I am using solaris 10. i am facing a strange problem regarding os passwd. i have a user oracle with passwd abc123 when i open a putty session with the os using abc123 it logs on. but if i use abc123!@# it agian log on without passwd error. I came to know about the issue that if i... (5 Replies)
Discussion started by: malikshahid85
5 Replies

8. Solaris

Solaris passwd script

Hello all, Since Solaris passwd does not have --stdin option can you advise how to change the password for 30 users with a script. The password can be the same one. I`ve tried already echoing, xargs, cat and similar. Thanks. ---------- Post updated at 04:04 AM ---------- Previous update... (0 Replies)
Discussion started by: click
0 Replies

9. Solaris

solaris 10 reboot history

Dears Kindly am requested to collect the date histroy that the system was rebooted, so is there any log file or command that i can find the time that the system was rebooted? thanks a lot for you kind support. (2 Replies)
Discussion started by: thehero
2 Replies

10. UNIX for Beginners Questions & Answers

Solaris History

why in solaris 10 I do not get history when I have the role as root? computer.root > history I get history:not found I am in computer.root > echo $SHELL /bin/sh computer.root > how can I see roots history in the sh shell? but in other shells I can only see my... (6 Replies)
Discussion started by: goya
6 Replies

LEARN ABOUT X11R4

nispasswd

nispasswd(1)							   User Commands						      nispasswd(1)

NAME

       nispasswd - change NIS+ password information

SYNOPSIS

       nispasswd [-ghs] [-D domainname] [username]

       nispasswd -a

       nispasswd [-D domainname] [ -d [username]]

       nispasswd [-l] [-f] [-n min] [-x max] [-w warn] [-D domainname] username

DESCRIPTION

       The nispasswd utility changes a password,  gecos (finger) field (-g option),  home directory (-h option),  or login shell (-s option) asso-
       ciated with the username (invoker by default) in the NIS+ passwd table.

       Additionally, the command can be used to view or modify aging information associated with the user specified  if the invoker has the  right
       NIS+ privileges.

       nispasswd  uses	secure	RPC to communicate with the NIS+ server,  and therefore, never sends unencrypted passwords over  the communication
       medium.

       nispasswd does not read or modify the local password information stored in the /etc/passwd and  /etc/shadow files.

       When used to change a password, nispasswd prompts non-privileged users for their old password.  It then prompts for the new password  twice
       to  forestall  typing  mistakes.  When  the  old password is entered, nispasswd checks to see if it has "aged" sufficiently.  If "aging" is
       insufficient, nispasswd terminates; see getspnam(3C).

       The old password is used to decrypt the username's secret key. If the password does not decrypt the secret key,	nispasswd prompts for  the
       old  secure-RPC password.  It uses this password to decrypt the secret key. If this fails, it gives the user one more chance. The old pass-
       word is also used to ensure that the new password differs from the old by at least three characters. Assuming aging is sufficient, a  check
       is  made  to ensure that  the new password meets construction requirements described below. When the new password is entered a second time,
       the two copies of the new password are compared.  If the two copies are not identical, the cycle of prompting  for   the  new  password	is
       repeated twice. The new password is used to  re-encrypt the user's secret key. Hence, it also becomes their secure-RPC password. Therefore,
       the secure-RPC password is no longer a different password from the user's password.

       Passwords must be constructed to meet the following requirements:

	 o  Each password must have at least six characters.  Only the first eight characters are significant.

	 o  Each password must contain at least two alphabetic characters and at least one numeric or special character.  In  this  case,  "alpha-
	    betic" refers to all upper or lower case letters.

	 o  Each  password  must differ from the  user's login	username and any  reverse or circular shift of that login username. For comparison
	    purposes, an upper case letter  and its corresponding lower case letter are equivalent.

	 o  New passwords must differ from the	old by at least three characters. For comparison purposes, an upper  case letter  and  its  corre-
	    sponding lower case letter are equivalent.

       Network	administrators, who own the NIS+ password table, may change any password attributes  if they establish their credentials (see key-
       login(1)) before invoking  nispasswd. Hence, nispasswd does not prompt these privileged-users  for the old password and they are not forced
       to comply with password aging and password construction requirements.

       Any user may use the -d option to display password attributes for his or her own login name. The format of the display will be:

       username status mm/dd/yy min max warn

       or, if password aging information is not present,

       username status

       where

       username        The login ID of the user.

       status	       The  password status of username: "PS" stands for password exists or locked, "LK" stands for locked, and "NP" stands for no
		       password.

       mm/dd/yy        The date password was last changed for username. (Note that all password aging dates are determined  using  Greenwich  Mean
		       Time (Universal Time) and, therefore, may differ by as much as a day in other
			time zones.)

       min	       The minimum number of days required between password changes for username.

       max	       The maximum number of days the password is valid for username.

       warn	       The number of days relative to max before the password expires that the username will be warned.

       The use of nispasswd is strongly discouraged. It is a wrapper around the passwd(1) command.

       Using  passwd(1)  with  the  -r	nisplus  option will achieve the same result and will be consistent across all the different name services
       available. This is the recommended way to change the password in NIS+.

       The login program, file access display programs (for example, ls -l), and network  programs  that  require  user  passwords,  for  example,
       rlogin(1), ftp(1), and so on, use the standard  getpwnam(3C) and
	getspnam(3C)  interfaces  to  get  password  information. These programs will get the NIS+ password information, which is modified by nis-
       passwd, only if the  passwd: entry in the  /etc/nsswitch.conf file includes nisplus. See nsswitch.conf(4) for more details.

OPTIONS

       The following options are supported:

       -a	       Shows the password attributes for all entries. This will show only the entries in the NIS+ passwd table in the local domain
		       that the invoker is authorized to "read".

       -d [username]   Displays password attributes for the caller or the user specified if the invoker has the right privileges.

       -D domainname   Consults  the  passwd.org_dir  table  in  domainname.  If  this option is not specified, the default domainname returned by
		       nis_local_directory() will be used. This domainname is the same as that returned by  domainname(1M).

       -f	       Forces the user to change password at the next login  by expiring the password for username.

       -g	       Changes the gecos (finger) information.

       -h	       Changes the home directory.

       -l	       Locks the password entry for username. Subsequently,  login(1) would disallow logins with this NIS+ password entry.

       -n min	       Sets minimum field for username. The min field contains the minimum number of days  between password changes for  username.
		       If  min is greater than max, the user may not change the password. Always use this option with the -x option, unless max is
		       set  to -1 (aging turned off).  In that case, min need not be set.

       -s	       Changes the login shell. By default, only the NIS+ administrator can change the login shell. The user will be prompted  for
		       the new login shell.

       -w warn	       Sets  warn field for username. The warn field contains the number of days before the password expires that the user will be
		       warned whenever he or she attempts to login.

       -x max	       Sets maximum field for username. The max field contains the number of days that	the password is valid  for  username.  The
		       aging  for  username  will  be  turned off immediately  if max is set to -1.  If it is set to 0, then the user is forced to
		       change the password  at the next login session and aging is turned off.

EXIT STATUS

       The following exit values are returned:

       0	Success.

       1	Permission denied.

       2	Invalid combination of options.

       3	Unexpected failure. NIS+ passwd table unchanged.

       4	NIS+ passwd table missing.

       5	NIS+ is busy. Try again later.

       6	Invalid argument to option.

       7	Aging is disabled.

       8	No memory.

       9	System error.

       10	Account expired.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       keylogin(1),  login(1),	nis+(1),  nistbladm(1),  passwd(1),  rlogin(1),   domainname(1M),   nisserver(1M),   getpwnam(3C),   getspnam(3C),
       nis_local_directory(3NSL), nsswitch.conf(4), passwd(4), shadow(4), attributes(5)

NOTES

       NIS+  might  not  be  supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are
       available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10							    10 Dec 2001 						      nispasswd(1)
All times are GMT -4. The time now is 08:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy