Password Last Change Date

Dear Experts,

I have problem in make sure the password last change date in shadow file in Solaris 11.
Here's the line : root:HhOVtAnPp:6445::::::

I read from a source that the lastch date could be determined by adding 6445 with 1/1/1970. In this case I add 6445 with 1/1/1970 and i got 25-Aug-1987.
My questions is : Does the 6445 number above indicate that the root user has never changed the password? If the answer is yest, it'll become another question to me, because the system administrator told me that the password is changed regularly.

Is there any possibility that although the password has been changed, the lastch date in shadow file is not changed?

Thank you for your input before,
regards,
l3bb1t
l3bb1tAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yuzhCommented:
6445 - means the password is set in the system installation time. eg, if the system is rebuilt a month ago then it is one month old, if it is built 3 years ago, then it is 3 yrs.

have a look at:
http://www.phptr.com/articles/article.asp?p=26523
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yuzhCommented:
PS: Solaris 11 has not yet released, to find out your OS version, type in:

uname -a

and post the output.
0
l3bb1tAuthor Commented:
thank you yuzh..

That was what i thought before too. But I became doubtful after the system administrator insisted that he had changed the password monthly and the installation was about 1 year ago. Only root user and some other system users have 6445 value. Others have various value, such as : 12696.

Hmm....

confusing...
l3bb1t

ps. thank you too about Solaris 11. I was wrong about that. Anyway, the OS is Solaris.
0
yuzhCommented:
You can do a test to change the root password and see what happen to /etc/shadow file,
then put the original password backup to what it was.

If the 6445 didn't change, please post the output of:

uname -a

to see if any patch need to apply to your box.
0
jlevieCommented:
'passwd -sa' will tell when the passwords were last changed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.