modprpw(1M) modprpw(1M)
NAME
modprpw - modify protected password database
SYNOPSIS
username
value,... ] username
DESCRIPTION
modprpw updates the user's protected password database settings. This command is available only to the superuser in a trusted system.
Usage other than via SAM, and/or modifications out of sync with may result in serious database corruption and the inability to access the
system.
All updated values may be verified using the getprpw command. See getprpw(1M).
uses the configuration file default if is not specified. See nsswitch.conf(4).
Options
modprpw sets the user's parameters as defined by the options specified. At least one option is required. If a field is not specified in the option
then its value remains unchanged in the database.
modprpw recognizes the following options:
To add a new user entry and to return a random password
which the new user must use to login the first time. This entry has to be created with the given username and the
Error is returned if the user already exists.
May be combined with the option.
Unlike the command, it does not create nor populate the home directory, and it does not update
This option is specified WITHOUT a user name to expire
all users' passwords. It goes through the protected password database and zeroes the successful change time of all users. The result
is that all users will need to enter a new password at their next login.
May be combined with the option.
This option is specified with a user name to expire
the specified user's password. It zeroes the successful change time.
May be combined with the and/or options.
To unlock/enable a user's account that has become disabled,
except when the lock is due to a missing password or * password.
May be combined with the and/or options.
This option modifies data for a local user,
username. This option must be specified with other options.
Modify the database field to the specified value
and/or resets locks. Valid with one of the following options: or
A list of database fields may be used with comma as a delimiter. An "invalid-opt" is printed, and processing terminates, if a list of
database fields passed to contains an invalid database field.
Boolean values are specified as YES, NO, or DFT for system default values. Numeric values are specified as positive numbers, 0, or -1.
If -1 is specified, the numeric value in the database is removed, allowing the system default value to be used. Time values are
specified in days, although the database keeps them in seconds.
No aging is present if the following 4 database parameters are all zero:
Unless specified by all database fields can be set. They are listed below in the order shown in The database fields are fully
explained in prpwd(4).
DATABASE FIELD
database
database
Set the uid of the user. No sanity checking is done on this value.
database
database
database
Set boot authorization privilege, removes it from the user file.
database
Set audit id. Automatically limited not to exceed the next available id.
database
Set audit flag.
database
Set the minimum time interval between password changes (days). 0 = none. Same as non-trusted mode minimum time.
database
Set the maximum password length for system generated passwords.
database
Set password expiration time interval (days). 0 = not expired. Same as non-trusted mode maximum time.
database
Set password life time interval (days). 0 = infinite.
database
Modified by options maybe
database
database
Set account expiration time interval (days). This interval is added to "now" to form the value in the database
(database 0 = no expiration).
database
Set the last login time interval (days). Used with
database
Set password expiration warning time interval (days). 0 = none.
database Obsoleted field.
database
Set whether User Picks Password,
database
Set whether system generates pronounceable passwords,
database
Set if generated password is restricted, If password will be checked for triviality.
database
Set whether null passwords are allowed, is not recommended!
database Obsolescent field.
database Obsoleted field.
database
Set whether system generates passwords having characters only,
database
Set whether system generates passwords having letters only,
database
Set the time-of-day allowed for login.
The format is:
Where key has the following values:
- Monday
- Tuesday
- Wednesday
- Thursday
- Friday
- Saturday
- Sunday
- everyday
- Monday -> Friday
and Starttime and Endtime are in military format: HHMM, where:
00 <= HH <= 23, and 00 <= MM <= 59.
database
database
database
database
database
database
Set Maximum Unsuccessful Login tries allowed. 0 = infinite.
database
Set the administrator lock,
This option is specified WITHOUT a user name to
"validate/refresh" all users' passwords. It goes through the protected password database and sets the successful change time to the
current time for all users. The result is that password aging for all users restarts at the current time.
May be combined with the option.
This option is specified with a user name to
"validate/refresh" the specified user's password. It sets the successful change time to the current time.
May be combined with the and/or options.
Delete the user's password and return a random password that
the user must later supply to the login process to login and pick a new password. Not valid for root. Also resets locks.
May be combined with the option.
RETURN VALUE
0 Success.
1 User not privileged.
2 Incorrect usage.
3 Cannot find the entry or file.
4 Cannot change the entry.
5 Not a Trusted System.
EXAMPLES
Set the Minimum time between password changes to 12 (days), set the System generates pronounceable password flag to NO, and set the System
generates password having characters only flag to YES.
The following example is to restrict the times that user joeblow can get on the system on Mondays and Fridays to 5PM-9PM, and Sundays from
5AM-9AM. Other days are not restricted.
WARNINGS
This command is intended for SAM use only. It may change with each release and cannot be guaranteed to be backward compatible.
Several database fields interact with others. Side effects may not be apparent until much later.
Special meanings may apply in the following cases:
o an absent field,
o a field without a value,
o a field with a zero value.
Very little, if any, checking is done to see if values are valid. It is the user's responsibility to range check values.
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
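Because range checking is left to the caller, a field list can be checked against the value rules given under Options (YES/NO/DFT, positive/0/-1, HHMM) before it is passed on. The sh functions below are an added example, not part of this manual page or of HP's code; the field names are constructed placeholders, and the "type:" prefix on each item is an assumption of this example.

```sh
#!/bin/sh
# Added example: pre-flight checks for a comma-delimited field=value list.
# Field names used with it are constructed placeholders, not real fields.

# Boolean: YES, NO, or DFT (system default).
is_bool() { case "$1" in YES|NO|DFT) return 0 ;; *) return 1 ;; esac; }

# Numeric: a positive number, 0, or -1 (-1 removes the stored value).
is_num() {
  case "$1" in
    -1) return 0 ;;
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Time of day: HHMM with 00 <= HH <= 23 and 00 <= MM <= 59.
is_hhmm() {
  case "$1" in [0-9][0-9][0-9][0-9]) ;; *) return 1 ;; esac
  hh=${1%??}; mm=${1#??}
  [ "${hh#0}" -le 23 ] && [ "${mm#0}" -le 59 ]
}

# Days as typed on the command line -> seconds as kept in the database.
days_to_seconds() { echo $(( $1 * 86400 )); }

# check_list "type:field=value,type:field=value,..."
# Prints the first offending item and returns 1, so nothing is passed on
# when any single value fails its range check.
check_list() {
  old_ifs=$IFS; IFS=,
  set -- $1
  IFS=$old_ifs
  for item in "$@"; do
    type=${item%%:*}; pair=${item#*:}
    field=${pair%%=*}; value=${pair#*=}
    case "$pair" in *=*) ;; *) value= ;; esac   # field without a value
    case "$type" in
      bool) is_bool "$value" ;;
      num)  is_num  "$value" ;;
      hhmm) is_hhmm "$value" ;;
      *)    false ;;
    esac || { echo "invalid: $field=$value ($type)"; return 1; }
  done
  return 0
}
```

A zero value passes the numeric check but still carries a special meaning for several fields, so it should be reviewed separately.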
FILES
System Password file
Protected Password Database
System Defaults Database
AUTHOR
modprpw was developed by HP.
SEE ALSO
getprpw(1M), prpwd(4), nsswitch.conf(4).
TO BE OBSOLETED modprpw(1M)