Solved

Command to set Solaris PW expiration date...

Posted on 1998-11-26
Last Modified: 2013-12-21
Hi Experts,

I wrote a Visual FoxPro Application to handle Solaris password expiration for Win95 users who are authenticated by Solaris. The problem I have is that I need to reset the expiration date on Solaris each time the user changes his or her password using the VFP application, so that the expiration date maintained by VFP is in sync with the expiration date on Solaris.
We currently have a policy of 60 days before a password change, which was set in admintool for each user.
Is there a command line utility that can change a user's password for Solaris and reset their expiration date?
I'm not sure if the Solaris expiration date is reset each time the user changes his or her password!
Question by:dweatherb
Accepted Solution

by:
blowfish earned 100 total points
I don't use admintool to create or maintain user definitions, so I cannot comment on it.  But you did ask about command line utilities.  

You can get information about a user with the "logins" command (run as root) as follows;

  # logins -x -l username

It will produce output that looks like this;

  username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14

In the above, the UID is "1126" and the GID is "130".  The information related to password aging is on the last line of the output.  The password status is "PS" (PS for password, NP for no password or LK for locked).  This is followed by "110698", the date that the password was last changed, "0", the number of days required between changes (in this case 0 means the password can be changed at any time), and "60", the number of days allowed before a change is required (i.e. maximum number of days between required password changes).  The last number "14" is the number of days prior to expiration when a warning message will be displayed at login time advising the user that their password is about to expire.  

These values can be set or modified from the command line by root, using the passwd command as follows;

  # passwd -n 0 -w 14 -x 60 username

Where -n is the minimum number of days allowed between password changes, -w is the number of days before the password expires and the user is warned, and -x is the maximum number of days that the password will be valid for.  

These values can ONLY be queried or changed by root.  

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow.  The "number-of-days" values are not changed.  

The expiration date is calculated, not stored.  

Hope this helps,

--frankf
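
The calculation described in the answer above, as an added example that is not part of the original thread: it parses the aging line of the quoted `logins -x` output and derives the change-due and warning dates an external tool would need to stay in sync. The function name, the handling of `000000` and negative values, and the rule "due = last change + maximum days" are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the `logins -x -l username` output quoted in the answer.
SAMPLE = """\
username         1126    groupname            130     Firstname Lastname
                          /home/username
                          /bin/ksh
                          PS 110698 0 60 14
"""

# Aging line: status, last change (mmddyy), min days, max days, warn days.
AGING = re.compile(
    r"^\s*(PS|NP|LK)\s+(\d{6})\s+(-?\d+)\s+(-?\d+)\s+(-?\d+)\s*$", re.M)


def password_aging(logins_output):
    """Parse the aging line and derive the dates that are calculated, not stored."""
    m = AGING.search(logins_output)
    if m is None:
        raise ValueError("no password-aging line found")
    status, changed = m.group(1), m.group(2)
    min_days, max_days, warn_days = (int(g) for g in m.group(3, 4, 5))

    # Assumption: "000000" means no recorded change date, and a negative
    # maximum means aging is not enabled for the account.
    last = None
    if changed != "000000":
        # %y maps 69-99 to 19xx and 00-68 to 20xx.
        last = datetime.strptime(changed, "%m%d%y").date()

    # Assumption: a change is required max_days after the last change.
    due = last + timedelta(days=max_days) if last and max_days >= 0 else None
    warn_from = due - timedelta(days=warn_days) if due and warn_days > 0 else None
    return {"status": status, "last_change": last, "min_days": min_days,
            "max_days": max_days, "warn_days": warn_days,
            "change_due": due, "warn_from": warn_from}


if __name__ == "__main__":
    for key, value in password_aging(SAMPLE).items():
        print(f"{key:12} {value}")
```
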
Author Comment

by:dweatherb
Thanks for your answer blowfish.  By the way what utilities do you use to manage user accounts?  Instead of using the /bin/su -c option can this utility be run as root by setting the suid bit? What is the octal representation of a file when the suid bit is set so that it runs as root?

Expert Comment

by:blowfish
Assuming that you want to make the /usr/bin/logins command run setuid root, then issue the following commands, as root;  

  #  chown root /usr/bin/logins
  #  chmod 4755 /usr/bin/logins

I don't often need to do account management myself, unless I am setting up a new Solaris machine and adding all of the users in our support team.  There are currently 17 of us, and I use a shell script to do the initial account creation.  

Of the 12 Solaris machines that we support, only 2 of them have more than about 20-30 accounts on them.  The development machine has 229, and the production machine has 247.  These are mainly FTP accounts used by web publishers.  

2 members of our support team are responsible for account maintenance, and they do it directly from the command line as root.  These machines are located on the Internet, so we do not run any X applications on them.  Account management is done over a secure encrypted connection established using ssh.  

--frankf
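
An added example, not part of the original thread: a small inventory of setuid files, so that a change such as the `chmod 4755` above shows up against a known-good list. The function names, the baseline set and the scanned directory are assumptions of this example.

```python
import os
import stat


def setuid_files(root, owner_uid=0):
    """Return sorted (path, octal mode) for setuid regular files owned by owner_uid."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if (stat.S_ISREG(st.st_mode)
                    and st.st_mode & stat.S_ISUID      # the leading 4 in 4755
                    and st.st_uid == owner_uid):
                found.append((path, format(stat.S_IMODE(st.st_mode), "o")))
    return sorted(found)


def unexpected(found, baseline):
    """Entries whose path is not in the reviewed baseline set."""
    return [(path, mode) for path, mode in found if path not in baseline]


if __name__ == "__main__":
    # Hypothetical baseline: paths already reviewed and accepted as setuid root.
    baseline = {"/usr/bin/passwd", "/usr/bin/su"}
    for path, mode in unexpected(setuid_files("/usr/bin"), baseline):
        print(f"{mode:>5} {path}")
```
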

Author Comment

by:dweatherb
Thanks again blowfish. I've got another question.
I've been looking for a low-cost (preferably free) solution for handling our login security, etc.
We are using Solaris 2.5.1 in a branch network using WAN links. Our administration will be centralized. I read about SSH. Is it free? If not how can I evaluate and how easy is it to administrate?  What about Kerberos? I would appreciate any comments on this subject.
Thanks in advance for your help.

Regards!

Denmark Weatherburn
System Administrator

Expert Comment

by:blowfish
SSH provides an alternative/replacement for Telnet, RSH, RCP.  Telnet and the others transfer all information, including login-id's and passwords as cleartext that can be captured using network sniffers.  SSH establishes a secure encrypted channel between 2 hosts using RSA keys, before even transmitting a login-id or password.  

You can get the source for SSH from ftp.cs.hut.fi:/pub/ssh, and compile it on your Unix platform(s).  Secure encrypted connections can then be established from one host to the other, over the Internet, with no chance of anyone capturing any useable information.  SSH works well through firewalls, as long as traffic on port 22 is not restricted.  

SSH version 1.2.26 is the most recent version that we use.  Version 2.0 is available, but we have not yet implemented it.  Information regarding copyright and commercial use of SSH on Unix can be found in the SSH source distribution file: ssh-1.2.26/COPYING

SSH sessions can be started at the desktop, if you first telnet to a secure local host, or if you're running X and get your desktop from a secure local host.  There are several SSH clients that run locally on Windows 95/98/NT.  One of them is called F-Secure and is available from DataFellows (http://www.datafellows.com/); it will operate in evaluation mode for one month, before you must license it.  There are several other Windows clients, some free; try Yahoo, or any of your favorite web-search engines.  

--frankf

Author Comment

by:dweatherb
Thanks blowfish!