Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3400
  • Last Modified:

Command to set Solaris PW expiration date...

Hi Experts,

I wrote a Visual FoxPro Application to handle Solaris passwords expiration for Win95 users who are authenticated
by Solaris. The problem I have is that I need to reset the
expiration date on Solaris each time the user changes his or
her password using the VFP application, so that the expiration date maintained by VFP is in sync with the expiration date on Solaris.
We currently have a policy of 60 days before a password change, which was set in admintool for each user.
Is there a command line utility that can change a users password for Solaris and reset their expiration date?
I'm not sure if the Solaris expiration date is reset each
time the user changes his or her password!
  • 3
  • 3
1 Solution
I don't use admintool to create or maintain user definitions, so I cannot comment on it.  But you did ask about command line utilities.  

You can get information about a user with the "logins" command (run as root) as follows;

  # logins -x -l username

It will produce output that looks like this;

  username         1126    groupname            130     Firstname Lastname
                          PS 110698 0 60 14

In the above, the UID is "1126" and the GID is "130".  The information related to password aging is on the last line of the output.  The password status is "PS" (PS for password, NP for no password or LK for locked).   This is followed by "110698" the date that the password was last changed,  "0" the number of days required between changes (in this case 0 means the password can be changed at any time) ,  and "60" the number of days allowed before a change is required (ie. maximum number of days between required password changes).    The last number "14" is the number of days prior to expiration when a warning message will be display at login time advising the user that their password is about to expire.  

These values can be set or modified from the command line by root, using the passwd command as follows;

  # passwd -n 0 -w 14 -x 60 username

Where -n is the minimum number of days allowed between password changes, -w is the number of days befor the password expires and the user is warned, and -x is the maximum munber of days that the password will be valid for.  

These values can ONLY be queried or changed by root.  

When a user changes their password, only the encrypted password and current date are stored in /etc/shadow.  The "number-of-days" values are not changed.  

The expiration date, is calculated, not stored.  

Hope this helps,

dweatherbAuthor Commented:
Thanks for your answer blowfish.  By the way what utilities do you use to manage user accounts?  Instead of using the /bin/su -c option can this utility be run as root by setting
the suid bit. What is the octal representation of a file when the suid bit is set so that it runs as root?
Assuming that you want to make the /usr/bin/logins command run setuid root, then issue the following commands, as root;  

  #  chown root /usr/bin/logins
  #  chmod 4755 /usr/bin/logins

I don't often need to do account management myself, unless I am setting up a new Solaris machine and adding all of the users in our support team.  There are currently 17 of us, and I use a shell script to do the initial account creation.  

Of the 12 Solaris machines that we support, only 2 of them have more than about 20-30 accounts on them.  The development machine has 229, and the production machine has 247.  These are mainly FTP accounts used by web publishers.  

2 members of out support team are responsible for account maintenance, and they do it directly from the command line as root.  These machines are located on the Internet, so we do not run any X applications on them.  Account management is done over a secure encrypted connection established using ssh.  

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

dweatherbAuthor Commented:
Thanks again blowfish. I've got onother question.
I been looking for a low-cost (preferably free) solution for handling our login security,etc.
We are using Solaris 2.5.1 in a branch network using WAN links. Our administration will
be centralized. I read about SSH. Is it free? If not how can I evaluate and how easy is it to
administrate?  What about Kerberos? I would appreciate any comments on this subject.
Thanks in advance for your help.


Denmark Weatherburn
System Administrator
SSH provides an alternative/replacement for Telnet, RSH, RCP.  Telnet and the others transfer all information, including login-id's and passwords as cleartext that can be captured using network sniffers.  SSH establishes a secure encrypted channel between 2 hosts using RSA keys, before even transmitting a login-id or password.  

You can get the source for SSH from, and compile it on your Unix platform(s).  Secure encrypted connections can then be established from one host to the other, over the Internet, with no chance of anyone capturing any useable information.  SSH works well through firewalls, as long as traffic on port 22 is not restricted.  

SSH version 1.2.26 is the most recent version that we use.  Version 2.0 is available, but we have not yet implemented it.  Information regarding copyright and commmercial use of SSH on Unix can be found in the SSH source distribution file: ssh-1.2.26/COPYING

SSH sessions can be started at the desktop, if you first telnet to a secure local host, or if you're running X and get your desktop from a secure local host.  There are several SSH clients that run locally on Windows 95/98/NT.  one of them is called F-Secure and is available from DataFellows (, it will operate in evaluation mode for one month, before you must license it.  There are several other Windows clients, some free, try Yahoo, or any of your favorite web-search engines.  

dweatherbAuthor Commented:
Thanks blowfish!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now