|
|
Sponsored Content
Operating Systems
HP-UX
UNIX ID Password Expiration
Post 80957 by Ygor on Monday 15th of August 2005 12:50:21 AM
08-15-2005
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
Anyone know the command which identifies how long a user has before their password expires?
I also need to know how I would write and expr to calculate the difference between 2 dates.
e.g. 28/03/05 - 18/03/05 = 10
I was told there is a date function which shows you no of days since... (1 Reply)
Discussion started by: sureshy
1 Replies
2. AIX
Hi All,
I am using AIX
I need to get the Unix "password Expiration Days".
I know that "shadow" file contains this information. But shadow file can only be read by root.
Note that password expiration date will be set differently for diferrent user accounts. I need to get the inormation for... (0 Replies)
Discussion started by: raj_vkr
0 Replies
3. Solaris
Hello
can anyone explain where can be found logic for user password expiration on solaris as well as on reliant UNIX??
there is not much help of /etc/security directory..does not exist!
any help? (3 Replies)
Discussion started by: abdulaziz
3 Replies
4. Linux
Hi All,
I have this user on my /etc/shadow:
mysql:$1$vmw4r078$4.lp6z2s0KJYHKXTuPG2x0:13556:0::12:::
The 5 column is blank. Does it mean the user has no password expiration.
Thanks in advance for any idea. (1 Reply)
Discussion started by: itik
1 Replies
5. Solaris
Hello,
I am using Solaris 10 with CDE and like to change the behaviour of the login process.
I have a user account that is configured for password aging.
Currently, when his password expires, CDE prompts him to change his password when login in.
What I'd like is that the user cannot... (5 Replies)
Discussion started by: gorfou
5 Replies
6. AIX
Hi guys,
A simple question. which mecanism send an email to an unix user for the expiration of his password?
Thank you! (4 Replies)
Discussion started by: Chapel
4 Replies
7. UNIX for Advanced & Expert Users
Hello,
I want to write a script to check for the password expiration date in each server for the user by logging to each server and notify user through mail. If password is about to expire or if already expired , it should also be notified to user by mail. Any help or idea to build this will be... (1 Reply)
Discussion started by: baraghun
1 Replies
8. AIX
Hi Admins,
AIX 5.3
I know maxage value tells the system about password expiration policy.
One of the user's maxage is 5 weeks.But he changed the password long backup at 2008 according to lastupdate value.
Since maxage is 5, the password should expire every 5 weeks.But how come... (4 Replies)
Discussion started by: newaix
4 Replies
9. Ubuntu
Hello Team,
I am using Lubuntu & have DRBL remote boot setup with open Ldap authentication. Currently there is no password expire policy. I want to set Password Policy so that user's password will expire after a month & they will get prompt to change their password.
Using PAM we can do it,... (1 Reply)
Discussion started by: paragnehete
1 Replies
10. Shell Programming and Scripting
Dear Concern,
I want to write a shell script in linux for mail notification of users whose password is about to expire within 7 days or already has expired. Is there any alternative way except to check the "date" command output and compare it with "chage -l username" command output. Please... (1 Reply)
Discussion started by: makauser
1 Replies
LEARN ABOUT HPUX
pam_unix
pam_unix(5) File Formats Manual pam_unix(5) NAME
pam_unix - authentication, account, session, and password management PAM modules for UNIX SYNOPSIS
DESCRIPTION
The UNIX service module for PAM, provides functionality for all four PAM modules: authentication, account management, session management and password management. The module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. For an interpretation of the module path, please refer to the related information in pam.conf(4). Unix Authentication Module The UNIX authentication component provides functions to verify the identity of a user, and to set user specific credentials compares the user entered password (or password retrieved from the user's smart card) with the password from UNIX password database, including the protected password database for trusted systems. If the passwords match, the user is authenticated. If the user also has secure RPC credentials and the secure RPC password is the same as the UNIX password, then the secure RPC credentials are also obtained. The following options may be passed to the UNIX service module: syslog(3C) debugging information at level. Turn off warning messages. It compares the password in the password database with the user's initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, quit and do not prompt the user for a password. This option should only be used if the authentication service is designated as optional in the configuration file. It compares the password in the password database with the user's initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, prompt the user for a password. psd stands for personal security device, for the current implementation there is only one security device: the smart card. It compares the password in the password database with the password stored on the user's smart card. With this option the PAM Framework prompt "Enter PIN:" is used instead of the password prompt. This option is only supported with the authentication or password module types (auth, password) services in the or in the configuration files. When prompting for the current password, the UNIX authentication module will use the prompt, "Password:" unless one of the following sce- narios occur: 1. The option is specified and the password entered for the first module in the stack fails for the UNIX module. 2. The option is not specified, and the earlier authentication modules listed in the file have prompted the user for the pass- word. 3. The option is specified. In this case, the UNIX authentication module will use the prompt "Enter PIN:". In cases 1 and 2, the UNIX authentication module will use the prompt "System Password:". The function sets user specific credentials. If the user had secure RPC credentials, but the secure RPC password was not the same as the UNIX password, then a warning message is printed. If the user wants to get secure RPC credentials, then keylogin(1) needs to be run. Unix Account Management Module The UNIX account management component provides a function to perform account management The function retrieves the user's password entry from the UNIX password database and verifies that the user's account and password have not expired. For trusted systems, this module also validates the allowed access time and access terminal based upon the security configuration. The following options may be passed in to the UNIX service module: syslog(3C) debugging information at level. Turn off warning messages. Unix Session Management Module The UNIX session management component provides functions to initiate and terminate UNIX sessions. For UNIX, updates the last successful or unsuccessful login time in the protected password database for trusted mode. The account management module reads the information to dis- play the previous time the user logged in. The following options may be passed in to the UNIX service module: syslog(3C) debugging information at level. Turn off warning messages. is a NULL function. Unix Password Management Module The UNIX password management component provides a function to change passwords in the UNIX password database. This module must be in It can not be or The following options may be passed in to the UNIX service module: syslog(3C) debugging information at level. Turn off warning messages. It compares the password in the password database with the user's old password (entered to the first password module in the stack). If the passwords do not match, or if no password has been entered, quit and do not prompt the user for the old password. It also attempts to use the new password (entered to the first password module in the stack) as the new password for this module. If the new password fails, quit and do not prompt the user for a new password. It compares the password in the password database with the user's old password (entered to the first password module in the stack). If the passwords do not match, or if no password has been entered, prompt the user for the old password. It also attempts to use the new password (entered to the first password module in the stack) as the new password for this module. If the new password fails, prompt the user for a new password. It prompts the user for the PIN (with the PIN, the PAM Framework can retrieve a password from the smart card) and the old password is retrieved from the smart card. It compares the password in the password database with the user's old password. If the passwords match, it prompts the user for a new password. If the user's password has expired, the UNIX account module saves this information in the authentication handle using The UNIX password module retrieves this information from the authentication handle using to determine whether or not to force the user to update their pass- word. APPLICATION USAGE
On trusted systems, the interfaces implemented in the UNIX service module, are not thread-safe. Otherwise, they are thread-safe. A can- cellation point may occur while a thread is executing any of these interfaces. They are not cancel-safe, async-cancel-safe, nor async-sig- nal-safe. WARNINGS
HP-UX 11i Version 3 is the last release to support trusted systems functionality. SEE ALSO
keylogin(1), pam(3), pam_authenticate(3), pam_setcred(3), syslog(3C), nsswitch.conf(4), pam.conf(4), pam_user.conf(4). pam_unix(5)