UNIX for Advanced & Expert Users

Hi I am using SUN_Unix and HPUX. We have a discussion of how to force people to change their passwords every 90 days I suppose.

I have seen the case where I log on to a system, which I have my password change with in the last 90 days, the system would prompt me to change the password immediately. Like I run the passwd command by my self.

I would like to reproduce the situation. Where the user login, if the password have been changed for a period of time the system will ask for the new password.

Thanks in advance
Vu

u want to write a script???
or u need options...
man useradd in solaris...
or admintool

For HP I'm not sure - the man page for passwd mentions a /etc/default/security file which keeps a history but did not mention /etc/default/passwd which, in Solaris, allows you to set different limits. It may be the same but I can't tell (or test at the moment)- check out the man page for passwd.

On Solaris, /etc/default/passwd is the file you want. Again, check out the man page for passwd which explains it all.

Note that the changes in HP and Solaris will not work on NIS accounts. NIS+ on Solaris has a different solution I believe.

Nice to be back on this forum - I was a regular in the old days, it's very encouraging to see how this board has expanded.

Anyway vtran4270 you can utilise SAM on HP-UX to set various account password options such as password lifetimes, password expiration, allowed time between password changes etc. Once you enter the SAM GUI or TUI navigate as follows: Auditing and Security > System Security Policies > Password Aging Policies.

I cannot determine from the information you have given if you are running a trusted HP-UX system. If not, you may want to look into converting to a trusted system, it provides many additional security benefits as well as a new range of options in managing and controlling system accounts. Once the system is trusted the account details are held under /tcb and you can utilise the command /usr/lbin/getprpw and /usr/lbin/modprpw to view and change account parameters for specific users. These are powerful and very useful commands - read the man pages for more details.

If you're not running a trusted system make sure you undergo a brief feasability study to ensure certain services will not suffer when you convert to trusted system, certain account changes can cause services running under those accounts to error next time they are restarted, and I have experienced this before.

Hope this helps.