?
Solved

AIX - expiring password for an account

Posted on 2012-04-05
12
Medium Priority
?
2,111 Views
Last Modified: 2012-04-05
I have an account that needs to be set to never expire password. I have set the account in /etc/security/user to maxage = 0  . But, it is stil giving reminder that password is about to expire. What else can I do?
0
Comment
Question by:AIX25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 37813058
Has the change to /etc/security/user been accepted by the system?

Check with

lsuser -a maxage userid

If all seems correct - are there any flags set in /etc/security/passwd, particularly ADMCHG?
If so, you can clear all flags with

pwdadm -c userid

If this doesn't help - is pwdwarntime set for this user?

If so, set to "no warning" with

chuser pwdwarntime=0 userid

By the way, instead of editing /etc/security/user you should always prefer "chuser", if at all possible.

As a very last resort you could disable all checks for this user:

pwdadm -f NOCHECK userid

This change will update /etc/security/passwd.

wmp
0
 

Author Comment

by:AIX25
ID: 37813245
root@server[/]# pwdadm -f NOCHECK user
Error changing "user".

root@server[/]# chuser pwdwarntime=0 user
Error changing "pwdwarntime" to "0".

This is NIS env, not sure if that helps??
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813291
Not only that it helps, it indeed changes everything.

pwdadm and chuser don't work against NIS users.

It seems that the message comes from the NIS server.

Please check there!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:AIX25
ID: 37813594
Can I run that the pwdadm and chuser commands from the NIS master? Maxage is not setup on the NIS master server the account. What should I do to replicate it to the client?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813678
Yes, of course, if it's AIX.

What did lsuser user on the client say?
0
 

Author Comment

by:AIX25
ID: 37813835
root@server[/]# lsuser user
user id=7626 pgrp=group groups=group home=/home/user shell=/usr/bin/ksh gecos=law user login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=NIS SYSTEM=compat logintimes= loginretries=5 pwdwarntime=15 account_locked=false minage=1 maxage=0 maxexpired=1 minalpha=1 minother=1 mindiff=3 maxrepeats=3 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=32000 time_last_login=1302396929 time_last_unsuccessful_login=1208679387 unsuccessful_login_count=0 roles=
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 37813873
If working on the NIS server doesn't help try adding pwdwarntime=0 to /etc/security/user on the client manually.
 
Also consider removing the "last_update" line from the user's stanza in /etc/security/passwd on the client.
0
 

Author Comment

by:AIX25
ID: 37813910
Its space sensitive...correct? pwdwarntime = 0?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813933
Yes, sorry.
0
 

Author Comment

by:AIX25
ID: 37813987
That did not work. User says it still give the warning...2 days left to change password. This is id that should not expire. Its a service id that users log in to access with, so we have to make sure it does not expire. Anything else we can do?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37814008
Is there an entry in /etc/security/passwd for that user?

If so, any flags or a "last_update" line?
0
 

Author Comment

by:AIX25
ID: 37814384
I went ahead and su'ed to the id and changed the password to what they use, so this will be a temp fix and buy me time...about 90 days...
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month9 days, 17 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question