Command to set Solaris PW expiration date...

Posted on 1998-11-26
Last Modified: 2013-12-21
Hi Experts,

I wrote a Visual FoxPro application to handle Solaris password expiration for Win95 users who are authenticated by Solaris. The problem I have is that I need to reset the expiration date on Solaris each time the user changes his or her password using the VFP application, so that the expiration date maintained by VFP is in sync with the expiration date on Solaris.
We currently have a policy of 60 days before a password change, which was set in admintool for each user.
Is there a command line utility that can change a user's password for Solaris and reset their expiration date?
I'm not sure if the Solaris expiration date is reset each time the user changes his or her password!
Question by:dweatherb
6 Comments
 
LVL 2

Accepted Solution

by:
blowfish earned 400 total points
ID: 2008093
I don't use admintool to create or maintain user definitions, so I cannot comment on it.  But you did ask about command line utilities.  

You can get information about a user with the "logins" command (run as root) as follows;

  # logins -x -l username

It will produce output that looks like this;

  username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14

In the above, the UID is "1126" and the GID is "130".  The information related to password aging is on the last line of the output.  The password status is "PS" (PS for password, NP for no password or LK for locked).  This is followed by "110698", the date that the password was last changed, "0", the number of days required between changes (in this case 0 means the password can be changed at any time), and "60", the number of days allowed before a change is required (i.e. maximum number of days between required password changes).  The last number, "14", is the number of days prior to expiration when a warning message will be displayed at login time advising the user that their password is about to expire.  

These values can be set or modified from the command line by root, using the passwd command as follows;

  # passwd -n 0 -w 14 -x 60 username

Where -n is the minimum number of days allowed between password changes, -w is the number of days before the password expires and the user is warned, and -x is the maximum number of days that the password will be valid for.  

These values can ONLY be queried or changed by root.  

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow.  The "number-of-days" values are not changed.  

The expiration date is calculated, not stored.  

Hope this helps,

--frankf
0
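The calculation described in the answer above, as an added example that is not part of the original thread: it parses the last line of the sample `logins -x` output and derives the expiration and warning dates from the last-change date. The function names are hypothetical, and the date field is assumed to be mmddyy, as the sample value 110698 suggests.

```python
from datetime import date, datetime, timedelta

# Constructed input: the sample `logins -x -l username` output from the answer.
SAMPLE = """\
username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14
"""

def parse_aging(logins_output):
    """Return the aging fields from the last line of `logins -x` output."""
    rows = [line.split() for line in logins_output.splitlines() if line.strip()]
    if not rows or rows[-1][0] not in ("PS", "NP", "LK"):
        raise ValueError("no password status line found")
    fields = rows[-1]
    aging = {"status": fields[0], "changed": None, "min": None,
             "max": None, "warn": None}
    if len(fields) >= 4:
        # Assumption: the date is mmddyy, as the sample (110698) suggests.
        aging["changed"] = datetime.strptime(fields[1], "%m%d%y").date()
        aging["min"], aging["max"] = int(fields[2]), int(fields[3])
    if len(fields) >= 5:
        aging["warn"] = int(fields[4])
    return aging

def expiry(aging):
    """Expiration is derived: last change + max days. None if aging is off."""
    if aging["changed"] is None or aging["max"] is None or aging["max"] < 0:
        return None
    return aging["changed"] + timedelta(days=aging["max"])

def state(aging, today):
    """Classify an account as locked, no-expiry, expired, warning or ok."""
    if aging["status"] == "LK":
        return "locked"
    expires = expiry(aging)
    if expires is None:
        return "no-expiry"
    if today > expires:  # convention used here: still valid on the expiry day
        return "expired"
    if aging["warn"] is not None and today >= expires - timedelta(days=aging["warn"]):
        return "warning"
    return "ok"

if __name__ == "__main__":
    a = parse_aging(SAMPLE)
    print(expiry(a), state(a, date(1998, 11, 26)))
```

Because the expiration is computed from the last-change date, replacing `changed` with the day of a password change moves the expiration forward by the same 60 days without touching the other fields.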
 

Author Comment

by:dweatherb
ID: 2008094
Thanks for your answer blowfish.  By the way, what utilities do you use to manage user accounts?  Instead of using the /bin/su -c option, can this utility be run as root by setting the suid bit? What is the octal representation of a file when the suid bit is set so that it runs as root?
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008095
Assuming that you want to make the /usr/bin/logins command run setuid root, then issue the following commands, as root;  

  #  chown root /usr/bin/logins
  #  chmod 4755 /usr/bin/logins

I don't often need to do account management myself, unless I am setting up a new Solaris machine and adding all of the users in our support team.  There are currently 17 of us, and I use a shell script to do the initial account creation.  

Of the 12 Solaris machines that we support, only 2 of them have more than about 20-30 accounts on them.  The development machine has 229, and the production machine has 247.  These are mainly FTP accounts used by web publishers.  

2 members of our support team are responsible for account maintenance, and they do it directly from the command line as root.  These machines are located on the Internet, so we do not run any X applications on them.  Account management is done over a secure encrypted connection established using ssh.  

--frankf
0
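How the 4755 mode in the comment above decomposes, and how a setuid change of that kind shows up in a file audit. This is an added example, not part of the original thread; `describe_mode`, `find_setuid` and the baseline list are hypothetical names.

```python
import os
import stat

def describe_mode(mode):
    """Decompose a permission mode such as 0o4755 into its parts."""
    perm = stat.S_IMODE(mode)
    return {
        "octal": format(perm, "04o"),
        "setuid": bool(perm & stat.S_ISUID),   # leading 4
        "setgid": bool(perm & stat.S_ISGID),   # leading 2
        "sticky": bool(perm & stat.S_ISVTX),   # leading 1
        "symbolic": stat.filemode(stat.S_IFREG | perm),
    }

def find_setuid(root, baseline=()):
    """List regular files under root with the setuid bit set that are
    not in the baseline of expected setuid paths."""
    expected = {os.path.abspath(p) for p in baseline}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.abspath(os.path.join(dirpath, name))
            try:
                st = os.lstat(path)   # lstat: do not follow symlinks
            except OSError:
                continue              # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            if path not in expected:
                findings.append({"path": path, "uid": st.st_uid,
                                 **describe_mode(st.st_mode)})
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    print(describe_mode(0o4755))
    for f in find_setuid("/usr/bin"):
        print(f["octal"], f["uid"], f["path"])
```

A finding with `uid` 0 is a file that runs with root privileges for whoever executes it, so a baseline of the setuid files shipped with the system makes a later addition stand out.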

Author Comment

by:dweatherb
ID: 2008096
Thanks again blowfish. I've got another question.
I've been looking for a low-cost (preferably free) solution for handling our login security, etc.
We are using Solaris 2.5.1 in a branch network using WAN links. Our administration will
be centralized. I read about SSH. Is it free? If not how can I evaluate and how easy is it to
administrate?  What about Kerberos? I would appreciate any comments on this subject.
Thanks in advance for your help.

Regards!

Denmark Weatherburn
System Administrator
0
 
LVL 2

Expert Comment

by:blowfish
ID: 2008097
SSH provides an alternative/replacement for Telnet, RSH, RCP.  Telnet and the others transfer all information, including login-id's and passwords as cleartext that can be captured using network sniffers.  SSH establishes a secure encrypted channel between 2 hosts using RSA keys, before even transmitting a login-id or password.  

You can get the source for SSH from ftp.cs.hut.fi:/pub/ssh, and compile it on your Unix platform(s).  Secure encrypted connections can then be established from one host to the other, over the Internet, with no chance of anyone capturing any useable information.  SSH works well through firewalls, as long as traffic on port 22 is not restricted.  

SSH version 1.2.26 is the most recent version that we use.  Version 2.0 is available, but we have not yet implemented it.  Information regarding copyright and commercial use of SSH on Unix can be found in the SSH source distribution file: ssh-1.2.26/COPYING

SSH sessions can be started at the desktop, if you first telnet to a secure local host, or if you're running X and get your desktop from a secure local host.  There are several SSH clients that run locally on Windows 95/98/NT.  One of them is called F-Secure and is available from DataFellows (http://www.datafellows.com/); it will operate in evaluation mode for one month, before you must license it.  There are several other Windows clients, some free; try Yahoo, or any of your favorite web-search engines.  

--frankf
0
 

Author Comment

by:dweatherb
ID: 2008098
Thanks blowfish!
0
