Change - Password expiry Reset (Boot)


 
# 1  
Old 07-11-2018

I have been searching the web for the answer to this question but without joy.
Hopefully, someone here can point me in the right direction...

We have a number of application OS accounts which require to be set with password non-expiry via the chage command, such as for example...
Code:
chage -M 0 -m 99999 -I -1 -E -1 <username>

However, the host OS VM (Exadata env) which runs on an Oracle Linux distribution was rebooted a few days ago. The below messaging was observed in '/var/log/secure':

Code:
chage[12345]: changed password expiry for <username>
chage[67891]: changed password expiry for <other_username>
chage[01234]: changed password expiry for <some_other_user>

etc...

We uncovered this, too late, after the application account became locked due to password expiry.

I'm assuming that somewhere within the rc3 scripts, there is something invoking this as part of init script startup but I have no idea what or why. I can't reboot again in order to script something to decipher the startup scripts and I can't seem to find any identifiable pointers as to specifically what would've been executing in or around the time.

Something has been invoked here and reset the chage properties for some accounts by resetting back to some defaults. We are using PAM for authentication.
Anyone have any idea what this might be or how to trace the origin?

Thanks
R

Last edited by rbatte1; 07-13-2018 at 10:36 AM.. Reason: Changed ICODE tags for CODE tags
# 2  
Old 07-12-2018
You want to switch off all password ageing with 'change age' (chage) so that passwords never expire??

If that's correct then try:

Code:
# chage -E -1 -M -1 <username>

Should work on most distributions of Linux.
# 3  
Old 07-12-2018
Thanks hicksd8.

That's fine but what I really want to know is the origin of the 'chage' command messaging referenced during init (Or shortly after) in the /var/log/secure log.

I'm trying to locate the culprit script that's 'chage'ing my users without my consent....

Thanks
# 4  
Old 07-12-2018
Hmmmm.......depending on which distribution you are running, have you tried going into the directory (e.g. /etc/rc3.d or whatever) and grep'ing everything for 'chage'??

I take your point that the log definitely seems to indicate that 'chage' is being run (at boot time) so I would try grep'ing for that.

Of course, something in rc3 could be calling something else which is calling chage and that would need more detective work.
# 5  
Old 07-12-2018
I'm answering you blind not knowing exactly which Linux dist you are running but more in depth detective work may entail:

(Make backup copies of any files you alter)

1. change the name of the 'chage' command to something else and create a script to call it whilst preceding with

Code:
echo "Running chage"

so that every time chage is run during boot it tells you on the console.

2. modify the rc3 boot script (e.g. /etc/rc3 or perhaps /etc/rc2) and insert an echo command to print the filenames of all 'S' files as it boots followed by a 'sleep 2' (2 second wait) after each. Test that it displays the name of each 'S' file on the console as it boots and slows the boot process right down.

Then you should be able to see each 'S' filename displayed before it's run AND one of them followed by "Running chage".

I've done many a booting hack such as this to very good effect in my time.

Other experts on this forum who are better at scripting than me might suggest better ideas.
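The wrapper idea from step 1 above, as an added example that is not part of the original post: besides announcing "Running chage", it records the chain of parent processes so the log names the script that called it. `REAL_CHAGE` (the renamed binary's path) and the `chage-wrapper` syslog tag are assumptions.

```shell
#!/bin/sh
# Added example: install under the name "chage" after renaming the real binary.
# REAL_CHAGE is an assumed path; point it at wherever the renamed binary lives.
REAL_CHAGE=${REAL_CHAGE:-/usr/bin/chage.real}

# ancestry PID [PROCROOT]: print "pid:name" for PID and each parent, up to PID 1.
# Reads the Name: and PPid: fields of PROCROOT/PID/status (default /proc).
ancestry() {
    pid=$1 root=${2:-/proc} chain=
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null && [ -r "$root/$pid/status" ]; do
        name=$(awk '$1 == "Name:" { print $2; exit }' "$root/$pid/status")
        chain="${chain:+$chain <- }$pid:$name"
        pid=$(awk '$1 == "PPid:" { print $2; exit }' "$root/$pid/status")
    done
    printf '%s\n' "$chain"
}

main() {
    msg="Running chage $* (called by: $(ancestry "$PPID"))"
    # Console message as in the post; ignore failure when there is no console.
    { echo "$msg" > /dev/console; } 2>/dev/null || true
    # authpriv is the facility that Red Hat style systems write to /var/log/secure.
    logger -p authpriv.notice -t chage-wrapper "$msg"
    exec "$REAL_CHAGE" "$@"
}

# Act only when invoked under the name "chage", so the file can also be sourced.
case ${0##*/} in
    chage) main "$@" ;;
esac
```

For a script started through its `#!` line, the `Name:` field is the script's own file name, so an init script shows up in the chain by name.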
# 6  
Old 07-12-2018
Thanks - it's Oracle Linux 6.9, so essentially RHEL.

Quote:
have you tried going into the directory (e.g. /etc/rc3.d or whatever) and grep'ing everything for 'chage'??
Yep, that is precisely what I initially tried but no luck, and as you mentioned it could be a cascading effect of some other sub script being invoked.

Your idea to manipulate the init scripts is great, and I have done this myself in the past for debugging but for this host - reboot is not possible so no joy.

Regards
R
# 7  
Old 07-12-2018
Okay, perhaps you are stuck with doing a system-wide 'find' of all files 'type -f' for string 'chage' and then justifying all files in the list to yourself as to why they should contain 'chage'.

I can't think of much else without rebooting unless someone on here knows your distribution inside out and backwards.
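The search suggested in this thread, as an added example that is not part of the original posts: it needs no reboot, lists every regular file under the given directories that mentions `chage`, and prints the non-comment lines so that sourced helper files are caught as well as the rc scripts themselves. The function names are hypothetical, GNU grep is assumed for `-I`, and the directories in the usage comment are the usual Red Hat style boot and cron locations, assumed rather than taken from the thread.

```shell
#!/bin/sh
# Added example: find what could be running chage without rebooting.
# Usage (as root):  sh this-script /etc/rc.d /etc/init /etc/cron.d /var/spool/cron
#           or:     sh this-script /        (the system-wide search)

# List regular files that contain "chage" as a whole word.
#   -xdev  stay on one filesystem (keeps find out of /proc, /sys, NFS mounts)
#   -I     skip binary files (GNU grep)
#   -w -F  match the fixed string as a word, so "chagelog" is not a hit
find_chage_refs() {
    find "$@" -xdev -type f -exec grep -IlwF -- chage {} + 2>/dev/null | sort
}

# Print file:line:text for every match, dropping lines that are only comments.
show_chage_lines() {
    find "$@" -xdev -type f -exec grep -HnIwF -- chage {} + 2>/dev/null |
        grep -v ':[0-9][0-9]*:[[:space:]]*#' | sort
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    show_chage_lines "$@"
fi
```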