Solved

Command to set Solaris PW expiration date...

Posted on 1998-11-26
Last Modified: 2013-12-21
Hi Experts,

I wrote a Visual FoxPro application to handle Solaris password expiration for Win95 users who are authenticated by Solaris. The problem I have is that I need to reset the expiration date on Solaris each time the user changes his or her password using the VFP application, so that the expiration date maintained by VFP is in sync with the expiration date on Solaris.
We currently have a policy of 60 days before a password change, which was set in admintool for each user.
Is there a command line utility that can change a user's password for Solaris and reset their expiration date?
I'm not sure if the Solaris expiration date is reset each time the user changes his or her password!
Question by:dweatherb
6 Comments
 
LVL 2

Accepted Solution

by:
blowfish earned 100 total points
ID: 2008093
I don't use admintool to create or maintain user definitions, so I cannot comment on it.  But you did ask about command line utilities.  

You can get information about a user with the "logins" command (run as root) as follows;

  # logins -x -l username

It will produce output that looks like this;

  username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14

In the above, the UID is "1126" and the GID is "130".  The information related to password aging is on the last line of the output.  The password status is "PS" (PS for password, NP for no password or LK for locked).  This is followed by "110698", the date that the password was last changed, "0", the number of days required between changes (in this case 0 means the password can be changed at any time), and "60", the number of days allowed before a change is required (i.e. the maximum number of days between required password changes).  The last number, "14", is the number of days prior to expiration when a warning message will be displayed at login time advising the user that their password is about to expire.

These values can be set or modified from the command line by root, using the passwd command as follows;

  # passwd -n 0 -w 14 -x 60 username

Where -n is the minimum number of days allowed between password changes, -w is the number of days before the password expires and the user is warned, and -x is the maximum number of days that the password will be valid for.

These values can ONLY be queried or changed by root.  

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow.  The "number-of-days" values are not changed.  

The expiration date is calculated, not stored.

Hope this helps,

--frankf
0
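Because the expiration date is calculated rather than stored, a front end that has to stay in sync can derive it from the aging line of the `logins -x` output. The following is an added example, not part of the original answer; it assumes the date field is mmddyy (so 110698 is 6 November 1998) and that a negative maximum means aging is switched off.

```python
from datetime import datetime, timedelta

STATUS = {"PS": "password set", "NP": "no password", "LK": "locked"}

def parse_aging(logins_output):
    """Parse the password-aging line (the last line) of `logins -x -l user` output."""
    lines = [ln for ln in logins_output.splitlines() if ln.strip()]
    fields = lines[-1].split() if lines else []
    if not fields or fields[0] not in STATUS:
        raise ValueError("no password-aging line found")
    if len(fields) < 5:
        raise ValueError("expected: status, date, min, max, warn")
    status, changed, min_days, max_days, warn_days = fields[:5]
    return {
        "status": status,
        # Assumption: the date field is mmddyy.
        "last_changed": datetime.strptime(changed, "%m%d%y").date(),
        "min_days": int(min_days),
        "max_days": int(max_days),
        "warn_days": int(warn_days),
    }

def expiry_dates(aging):
    """Derive the dates that are calculated from the stored values."""
    changed = aging["last_changed"]
    if aging["max_days"] < 0:
        # Assumption: a negative maximum means password aging is off.
        return {"expires": None, "warn_from": None, "earliest_change": changed}
    expires = changed + timedelta(days=aging["max_days"])
    return {
        "expires": expires,
        "warn_from": expires - timedelta(days=max(aging["warn_days"], 0)),
        "earliest_change": changed + timedelta(days=max(aging["min_days"], 0)),
    }

# Constructed sample: the output quoted in the answer above.
SAMPLE = """\
username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14
"""

if __name__ == "__main__":
    for name, value in expiry_dates(parse_aging(SAMPLE)).items():
        print(name, value)
```
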
 

Author Comment

by:dweatherb
ID: 2008094
Thanks for your answer, blowfish.  By the way, what utilities do you use to manage user accounts?  Instead of using the /bin/su -c option, can this utility be run as root by setting the suid bit? What is the octal representation of a file when the suid bit is set so that it runs as root?
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008095
Assuming that you want to make the /usr/bin/logins command run setuid root, then issue the following commands, as root;  

  #  chown root /usr/bin/logins
  #  chmod 4755 /usr/bin/logins

I don't often need to do account management myself, unless I am setting up a new Solaris machine and adding all of the users in our support team.  There are currently 17 of us, and I use a shell script to do the initial account creation.  

Of the 12 Solaris machines that we support, only 2 of them have more than about 20-30 accounts on them.  The development machine has 229, and the production machine has 247.  These are mainly FTP accounts used by web publishers.  

2 members of our support team are responsible for account maintenance, and they do it directly from the command line as root.  These machines are located on the Internet, so we do not run any X applications on them.  Account management is done over a secure encrypted connection established using ssh.

--frankf
0
 

Author Comment

by:dweatherb
ID: 2008096
Thanks again, blowfish. I've got another question.
I've been looking for a low-cost (preferably free) solution for handling our login security, etc.
We are using Solaris 2.5.1 in a branch network using WAN links. Our administration will be centralized. I read about SSH. Is it free? If not, how can I evaluate it, and how easy is it to administrate?  What about Kerberos? I would appreciate any comments on this subject.
Thanks in advance for your help.

Regards!

Denmark Weatherburn
System Administrator
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008097
SSH provides an alternative/replacement for Telnet, RSH, RCP.  Telnet and the others transfer all information, including login-id's and passwords as cleartext that can be captured using network sniffers.  SSH establishes a secure encrypted channel between 2 hosts using RSA keys, before even transmitting a login-id or password.  

You can get the source for SSH from ftp.cs.hut.fi:/pub/ssh, and compile it on your Unix platform(s).  Secure encrypted connections can then be established from one host to the other, over the Internet, with no chance of anyone capturing any useable information.  SSH works well through firewalls, as long as traffic on port 22 is not restricted.  

SSH version 1.2.26 is the most recent version that we use.  Version 2.0 is available, but we have not yet implemented it.  Information regarding copyright and commercial use of SSH on Unix can be found in the SSH source distribution file: ssh-1.2.26/COPYING

SSH sessions can be started at the desktop, if you first telnet to a secure local host, or if you're running X and get your desktop from a secure local host.  There are several SSH clients that run locally on Windows 95/98/NT.  One of them is called F-Secure and is available from DataFellows (http://www.datafellows.com/); it will operate in evaluation mode for one month, before you must license it.  There are several other Windows clients, some free; try Yahoo, or any of your favorite web-search engines.

--frankf
0
 

Author Comment

by:dweatherb
ID: 2008098
Thanks blowfish!
0
