• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2314
  • Last Modified:

AIX - expiring password for an account

I have an account that needs to be set to never expire password. I have set the account in /etc/security/user to maxage = 0  . But, it is stil giving reminder that password is about to expire. What else can I do?
0
AIX25
Asked:
AIX25
  • 6
  • 6
2 Solutions
 
woolmilkporcCommented:
Has the change to /etc/security/user been accepted by the system?

Check with

lsuser -a maxage userid

If all seems correct - are there any flags set in /etc/security/passwd, particularly ADMCHG?
If so, you can clear all flags with

pwdadm -c userid

If this doesn't help - is pwdwarntime set for this user?

If so, set to "no warning" with

chuser pwdwarntime=0 userid

By the way, instead of editing /etc/security/user you should always prefer "chuser", if at all possible.

As a very last resort you could disable all checks for this user:

pwdadm -f NOCHECK userid

This change will update /etc/security/passwd.

wmp
0
 
AIX25Author Commented:
root@server[/]# pwdadm -f NOCHECK user
Error changing "user".

root@server[/]# chuser pwdwarntime=0 user
Error changing "pwdwarntime" to "0".

This is NIS env, not sure if that helps??
0
 
woolmilkporcCommented:
Not only that it helps, it indeed changes everything.

pwdadm and chuser don't work against NIS users.

It seems that the message comes from the NIS server.

Please check there!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
AIX25Author Commented:
Can I run that the pwdadm and chuser commands from the NIS master? Maxage is not setup on the NIS master server the account. What should I do to replicate it to the client?
0
 
woolmilkporcCommented:
Yes, of course, if it's AIX.

What did lsuser user on the client say?
0
 
AIX25Author Commented:
root@server[/]# lsuser user
user id=7626 pgrp=group groups=group home=/home/user shell=/usr/bin/ksh gecos=law user login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=NIS SYSTEM=compat logintimes= loginretries=5 pwdwarntime=15 account_locked=false minage=1 maxage=0 maxexpired=1 minalpha=1 minother=1 mindiff=3 maxrepeats=3 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=32000 time_last_login=1302396929 time_last_unsuccessful_login=1208679387 unsuccessful_login_count=0 roles=
0
 
woolmilkporcCommented:
If working on the NIS server doesn't help try adding pwdwarntime=0 to /etc/security/user on the client manually.
 
Also consider removing the "last_update" line from the user's stanza in /etc/security/passwd on the client.
0
 
AIX25Author Commented:
Its space sensitive...correct? pwdwarntime = 0?
0
 
woolmilkporcCommented:
Yes, sorry.
0
 
AIX25Author Commented:
That did not work. User says it still give the warning...2 days left to change password. This is id that should not expire. Its a service id that users log in to access with, so we have to make sure it does not expire. Anything else we can do?
0
 
woolmilkporcCommented:
Is there an entry in /etc/security/passwd for that user?

If so, any flags or a "last_update" line?
0
 
AIX25Author Commented:
I went ahead and su'ed to the id and changed the password to what they use, so this will be a temp fix and buy me time...about 90 days...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now