useradd problem


 
# 15  
Old 10-17-2011
For your cron script you could do something like this also. This is just something I typed up really fast, and haven't tested, but you can get the idea. That way you don't have to remember to go back and add people to cron that you add to the system. Then you could also add people to your "grep -v" list that you don't want to have that short 30 minute policy.

Code:
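# Account names from /etc/passwd; the anchored pattern skips only exact system account names
EXPIREPASSWD=`cut -d: -f1 /etc/passwd | egrep -v '^(root|daemon|bin|sys|adm|lp|uucp|nuucp|smmsp|listen|gdm|webservd|postgres|svctag|nobody|noaccess|nobody4)$'`
for x in $EXPIREPASSWD
do
    # Force a password change at the next login
    passwd -f "$x"
done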

# 16  
Old 10-18-2011
Or if you want to be adventurous and non-standard, play with the source code for unix_acct.c etc ;-)

sp_min, sp_max, sp_lstchg and so on.

Again not recommended but another option.

Cross Reference: /onnv/onnv-gate/usr/src/lib/pam_modules/unix_account/unix_acct.c

Snippet.....
Code:
static	int
perform_passwd_aging_check(
	pam_handle_t *pamh,
	struct 	spwd 	*shpwd,
	int	flags)
{
	time_t 	now = DAY_NOW;
	int	idledays = -1;
	char	*ptr;
	char	messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
	void	*defp;


	if ((defp = defopen_r(LOGINADMIN)) != NULL) {
		if ((ptr = defread_r("IDLEWEEKS=", defp)) != NULL)
			idledays = 7 * atoi(ptr);
		defclose_r(defp);
	}

	/*
	 * if (sp_lstchg == 0), the administrator has forced the
	 * user to change his/her passwd
	 */
	if (shpwd->sp_lstchg == 0)
		return (PAM_NEW_AUTHTOK_REQD);

	/* If password aging is disabled (or min>max), all is well */
	if (shpwd->sp_max < 0 || shpwd->sp_max < shpwd->sp_min)
		return (PAM_SUCCESS);

	/* Password aging is enabled. See if the password has aged */
	if (now < (time_t)(shpwd->sp_lstchg + shpwd->sp_max))
		return (PAM_SUCCESS);

	/* Password has aged. Has it aged more than idledays ? */
	if (idledays < 0)			/* IDLEWEEKS not configured */
		return (PAM_NEW_AUTHTOK_REQD);

	/* idledays is configured */
	if (idledays > 0 && (now < (time_t)(shpwd->sp_lstchg + idledays)))
		return (PAM_NEW_AUTHTOK_REQD);

	/* password has aged more that allowed for by IDLEWEEKS */
	if (!(flags & PAM_SILENT)) {
		(void) strlcpy(messages[0], dgettext(TEXT_DOMAIN,
		    "Your password has been expired for too long."),
		    sizeof (messages[0]));
		(void) strlcpy(messages[1], dgettext(TEXT_DOMAIN,
		    "Please contact the system administrator."),
		    sizeof (messages[0]));
		(void) __pam_display_msg(pamh, PAM_ERROR_MSG, 2, messages,
		    NULL);
	}
	return (PAM_AUTHTOK_EXPIRED);
}

Regards,
SRG
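
The decision order in the snippet above can also be used to audit accounts without modifying the PAM module. The following is an added example, not part of the original posts or the Solaris source: the function name `aging_audit`, the status labels and the sample entries are constructed for illustration. It assumes empty numeric shadow fields read as -1 and that "today" is passed in days since the epoch.

```shell
#!/bin/sh
# Added example: classify shadow(4)-format entries in the same order as the
# perform_passwd_aging_check() snippet quoted above.
# Assumption: empty lstchg/min/max fields are treated as -1.
# On Solaris run with AWK=nawk; the old /usr/bin/awk lacks -v and functions.
AWK=${AWK:-awk}

# aging_audit TODAY_DAYS [IDLEDAYS] < shadow-lines   -> prints "user STATUS"
# IDLEDAYS defaults to -1, i.e. IDLEWEEKS not configured.
aging_audit() {
    "$AWK" -F: -v now="$1" -v idle="${2:--1}" '
    function num(v) { return (v == "") ? -1 : v + 0 }
    $1 == "" { next }                       # skip blank lines
    {
        now += 0; idle += 0                 # force numeric comparison
        lstchg = num($3); min = num($4); max = num($5)
        if (lstchg == 0)
            s = "CHANGE_REQUIRED"           # admin forced a change (passwd -f)
        else if (max < 0 || max < min)
            s = "AGING_DISABLED"            # the check returns success here
        else if (now < lstchg + max)
            s = "OK"                        # password has not aged yet
        else if (idle < 0)
            s = "CHANGE_REQUIRED"           # aged, IDLEWEEKS not configured
        else if (idle > 0 && now < lstchg + idle)
            s = "CHANGE_REQUIRED"           # aged, still inside idle window
        else
            s = "EXPIRED"                   # aged past the idle window
        print $1, s
    }'
}

# Constructed sample entries (not from a real system).
SAMPLE='alice:x:0:0:30:7:::
bob:x:15000::::::
carol:x:15000:0:30:7:::
dave:x:15200:0:90:7:::'

# Report every account with TODAY=15265 and IDLEWEEKS unset.
printf '%s\n' "$SAMPLE" | aging_audit 15265
```

Accounts reported as AGING_DISABLED are the ones the cron-based `passwd -f` approach from post #15 is compensating for, so they are the first entries to review.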
# 17  
Old 10-18-2011
Indeed, although that would arguably be riskier and probably more complex than setting up a directory server somewhere and configuring LDAP authentication.

Instead of modifying the OS code, I would suggest an interposition library that would "patch" the perform_passwd_aging_check function to expire specific users' passwords earlier, or maybe a well-crafted DTrace script to do the same.
# 18  
Old 10-19-2011
Thank you guys!