Solved

AIX - expiring password for an account

Posted on 2012-04-05
12
1,685 Views
Last Modified: 2012-04-05
I have an account that needs to be set to never expire password. I have set the account in /etc/security/user to maxage = 0  . But, it is stil giving reminder that password is about to expire. What else can I do?
0
Comment
Question by:AIX25
  • 6
  • 6
12 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 37813058
Has the change to /etc/security/user been accepted by the system?

Check with

lsuser -a maxage userid

If all seems correct - are there any flags set in /etc/security/passwd, particularly ADMCHG?
If so, you can clear all flags with

pwdadm -c userid

If this doesn't help - is pwdwarntime set for this user?

If so, set to "no warning" with

chuser pwdwarntime=0 userid

By the way, instead of editing /etc/security/user you should always prefer "chuser", if at all possible.

As a very last resort you could disable all checks for this user:

pwdadm -f NOCHECK userid

This change will update /etc/security/passwd.

wmp
0
 

Author Comment

by:AIX25
ID: 37813245
root@server[/]# pwdadm -f NOCHECK user
Error changing "user".

root@server[/]# chuser pwdwarntime=0 user
Error changing "pwdwarntime" to "0".

This is NIS env, not sure if that helps??
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813291
Not only that it helps, it indeed changes everything.

pwdadm and chuser don't work against NIS users.

It seems that the message comes from the NIS server.

Please check there!
0
 

Author Comment

by:AIX25
ID: 37813594
Can I run that the pwdadm and chuser commands from the NIS master? Maxage is not setup on the NIS master server the account. What should I do to replicate it to the client?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813678
Yes, of course, if it's AIX.

What did lsuser user on the client say?
0
 

Author Comment

by:AIX25
ID: 37813835
root@server[/]# lsuser user
user id=7626 pgrp=group groups=group home=/home/user shell=/usr/bin/ksh gecos=law user login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=NIS SYSTEM=compat logintimes= loginretries=5 pwdwarntime=15 account_locked=false minage=1 maxage=0 maxexpired=1 minalpha=1 minother=1 mindiff=3 maxrepeats=3 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=32000 time_last_login=1302396929 time_last_unsuccessful_login=1208679387 unsuccessful_login_count=0 roles=
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 37813873
If working on the NIS server doesn't help try adding pwdwarntime=0 to /etc/security/user on the client manually.
 
Also consider removing the "last_update" line from the user's stanza in /etc/security/passwd on the client.
0
 

Author Comment

by:AIX25
ID: 37813910
Its space sensitive...correct? pwdwarntime = 0?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813933
Yes, sorry.
0
 

Author Comment

by:AIX25
ID: 37813987
That did not work. User says it still give the warning...2 days left to change password. This is id that should not expire. Its a service id that users log in to access with, so we have to make sure it does not expire. Anything else we can do?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37814008
Is there an entry in /etc/security/passwd for that user?

If so, any flags or a "last_update" line?
0
 

Author Comment

by:AIX25
ID: 37814384
I went ahead and su'ed to the id and changed the password to what they use, so this will be a temp fix and buy me time...about 90 days...
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now