Solved

AIX - expiring password for an account

Posted on 2012-04-05
12
1,878 Views
Last Modified: 2012-04-05
I have an account that needs to be set to never expire password. I have set the account in /etc/security/user to maxage = 0  . But, it is stil giving reminder that password is about to expire. What else can I do?
0
Comment
Question by:AIX25
  • 6
  • 6
12 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 37813058
Has the change to /etc/security/user been accepted by the system?

Check with

lsuser -a maxage userid

If all seems correct - are there any flags set in /etc/security/passwd, particularly ADMCHG?
If so, you can clear all flags with

pwdadm -c userid

If this doesn't help - is pwdwarntime set for this user?

If so, set to "no warning" with

chuser pwdwarntime=0 userid

By the way, instead of editing /etc/security/user you should always prefer "chuser", if at all possible.

As a very last resort you could disable all checks for this user:

pwdadm -f NOCHECK userid

This change will update /etc/security/passwd.

wmp
0
 

Author Comment

by:AIX25
ID: 37813245
root@server[/]# pwdadm -f NOCHECK user
Error changing "user".

root@server[/]# chuser pwdwarntime=0 user
Error changing "pwdwarntime" to "0".

This is NIS env, not sure if that helps??
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813291
Not only that it helps, it indeed changes everything.

pwdadm and chuser don't work against NIS users.

It seems that the message comes from the NIS server.

Please check there!
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:AIX25
ID: 37813594
Can I run that the pwdadm and chuser commands from the NIS master? Maxage is not setup on the NIS master server the account. What should I do to replicate it to the client?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813678
Yes, of course, if it's AIX.

What did lsuser user on the client say?
0
 

Author Comment

by:AIX25
ID: 37813835
root@server[/]# lsuser user
user id=7626 pgrp=group groups=group home=/home/user shell=/usr/bin/ksh gecos=law user login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=NIS SYSTEM=compat logintimes= loginretries=5 pwdwarntime=15 account_locked=false minage=1 maxage=0 maxexpired=1 minalpha=1 minother=1 mindiff=3 maxrepeats=3 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=32000 time_last_login=1302396929 time_last_unsuccessful_login=1208679387 unsuccessful_login_count=0 roles=
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 37813873
If working on the NIS server doesn't help try adding pwdwarntime=0 to /etc/security/user on the client manually.
 
Also consider removing the "last_update" line from the user's stanza in /etc/security/passwd on the client.
0
 

Author Comment

by:AIX25
ID: 37813910
Its space sensitive...correct? pwdwarntime = 0?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813933
Yes, sorry.
0
 

Author Comment

by:AIX25
ID: 37813987
That did not work. User says it still give the warning...2 days left to change password. This is id that should not expire. Its a service id that users log in to access with, so we have to make sure it does not expire. Anything else we can do?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37814008
Is there an entry in /etc/security/passwd for that user?

If so, any flags or a "last_update" line?
0
 

Author Comment

by:AIX25
ID: 37814384
I went ahead and su'ed to the id and changed the password to what they use, so this will be a temp fix and buy me time...about 90 days...
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question