Go Premium for a chance to win a PS4. Enter to Win


Command to set Solaris PW expiration date...

Posted on 1998-11-26
Medium Priority
Last Modified: 2013-12-21
Hi Experts,

I wrote a Visual FoxPro Application to handle Solaris passwords expiration for Win95 users who are authenticated
by Solaris. The problem I have is that I need to reset the
expiration date on Solaris each time the user changes his or
her password using the VFP application, so that the expiration date maintained by VFP is in sync with the expiration date on Solaris.
We currently have a policy of 60 days before a password change, which was set in admintool for each user.
Is there a command line utility that can change a users password for Solaris and reset their expiration date?
I'm not sure if the Solaris expiration date is reset each
time the user changes his or her password!
Question by:dweatherb
  • 3
  • 3

Accepted Solution

blowfish earned 400 total points
ID: 2008093
I don't use admintool to create or maintain user definitions, so I cannot comment on it.  But you did ask about command line utilities.  

You can get information about a user with the "logins" command (run as root) as follows;

  # logins -x -l username

It will produce output that looks like this;

  username         1126    groupname            130     Firstname Lastname
                          PS 110698 0 60 14

In the above, the UID is "1126" and the GID is "130".  The information related to password aging is on the last line of the output.  The password status is "PS" (PS for password, NP for no password or LK for locked).   This is followed by "110698" the date that the password was last changed,  "0" the number of days required between changes (in this case 0 means the password can be changed at any time) ,  and "60" the number of days allowed before a change is required (ie. maximum number of days between required password changes).    The last number "14" is the number of days prior to expiration when a warning message will be display at login time advising the user that their password is about to expire.  

These values can be set or modified from the command line by root, using the passwd command as follows;

  # passwd -n 0 -w 14 -x 60 username

Where -n is the minimum number of days allowed between password changes, -w is the number of days befor the password expires and the user is warned, and -x is the maximum munber of days that the password will be valid for.  

These values can ONLY be queried or changed by root.  

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow.  The "number-of-days" values are not changed.  

The expiration date, is calculated, not stored.  

Hope this helps,


Author Comment

ID: 2008094
Thanks for your answer blowfish.  By the way what utilities do you use to manage user accounts?  Instead of using the /bin/su -c option can this utility be run as root by setting
the suid bit. What is the octal representation of a file when the suid bit is set so that it runs as root?

Expert Comment

ID: 2008095
Assuming that you want to make the /usr/bin/logins command run setuid root, then issue the following commands, as root;  

  #  chown root /usr/bin/logins
  #  chmod 4755 /usr/bin/logins

I don't often need to do account management myself, unless I am setting up a new Solaris machine and adding all of the users in our support team.  There are currently 17 of us, and I use a shell script to do the initial account creation.  

Of the 12 Solaris machines that we support, only 2 of them have more than about 20-30 accounts on them.  The development machine has 229, and the production machine has 247.  These are mainly FTP accounts used by web publishers.  

2 members of out support team are responsible for account maintenance, and they do it directly from the command line as root.  These machines are located on the Internet, so we do not run any X applications on them.  Account management is done over a secure encrypted connection established using ssh.  


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 2008096
Thanks again blowfish. I've got onother question.
I been looking for a low-cost (preferably free) solution for handling our login security,etc.
We are using Solaris 2.5.1 in a branch network using WAN links. Our administration will
be centralized. I read about SSH. Is it free? If not how can I evaluate and how easy is it to
administrate?  What about Kerberos? I would appreciate any comments on this subject.
Thanks in advance for your help.


Denmark Weatherburn
System Administrator

Expert Comment

ID: 2008097
SSH provides an alternative/replacement for Telnet, RSH, RCP.  Telnet and the others transfer all information, including login-id's and passwords as cleartext that can be captured using network sniffers.  SSH establishes a secure encrypted channel between 2 hosts using RSA keys, before even transmitting a login-id or password.  

You can get the source for SSH from ftp.cs.hut.fi:/pub/ssh, and compile it on your Unix platform(s).  Secure encrypted connections can then be established from one host to the other, over the Internet, with no chance of anyone capturing any useable information.  SSH works well through firewalls, as long as traffic on port 22 is not restricted.  

SSH version 1.2.26 is the most recent version that we use.  Version 2.0 is available, but we have not yet implemented it.  Information regarding copyright and commmercial use of SSH on Unix can be found in the SSH source distribution file: ssh-1.2.26/COPYING

SSH sessions can be started at the desktop, if you first telnet to a secure local host, or if you're running X and get your desktop from a secure local host.  There are several SSH clients that run locally on Windows 95/98/NT.  one of them is called F-Secure and is available from DataFellows (http://www.datafellows.com/), it will operate in evaluation mode for one month, before you must license it.  There are several other Windows clients, some free, try Yahoo, or any of your favorite web-search engines.  


Author Comment

ID: 2008098
Thanks blowfish!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses
Course of the Month13 days, 7 hours left to enroll

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question