Solved

AIX - expiring password for an account

Posted on 2012-04-05
12
1,779 Views
Last Modified: 2012-04-05
I have an account that needs to be set to never expire password. I have set the account in /etc/security/user to maxage = 0  . But, it is stil giving reminder that password is about to expire. What else can I do?
0
Comment
Question by:AIX25
  • 6
  • 6
12 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 37813058
Has the change to /etc/security/user been accepted by the system?

Check with

lsuser -a maxage userid

If all seems correct - are there any flags set in /etc/security/passwd, particularly ADMCHG?
If so, you can clear all flags with

pwdadm -c userid

If this doesn't help - is pwdwarntime set for this user?

If so, set to "no warning" with

chuser pwdwarntime=0 userid

By the way, instead of editing /etc/security/user you should always prefer "chuser", if at all possible.

As a very last resort you could disable all checks for this user:

pwdadm -f NOCHECK userid

This change will update /etc/security/passwd.

wmp
0
 

Author Comment

by:AIX25
ID: 37813245
root@server[/]# pwdadm -f NOCHECK user
Error changing "user".

root@server[/]# chuser pwdwarntime=0 user
Error changing "pwdwarntime" to "0".

This is NIS env, not sure if that helps??
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813291
Not only that it helps, it indeed changes everything.

pwdadm and chuser don't work against NIS users.

It seems that the message comes from the NIS server.

Please check there!
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 

Author Comment

by:AIX25
ID: 37813594
Can I run that the pwdadm and chuser commands from the NIS master? Maxage is not setup on the NIS master server the account. What should I do to replicate it to the client?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813678
Yes, of course, if it's AIX.

What did lsuser user on the client say?
0
 

Author Comment

by:AIX25
ID: 37813835
root@server[/]# lsuser user
user id=7626 pgrp=group groups=group home=/home/user shell=/usr/bin/ksh gecos=law user login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=NIS SYSTEM=compat logintimes= loginretries=5 pwdwarntime=15 account_locked=false minage=1 maxage=0 maxexpired=1 minalpha=1 minother=1 mindiff=3 maxrepeats=3 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=2097151 rss=-1 nofiles=32000 time_last_login=1302396929 time_last_unsuccessful_login=1208679387 unsuccessful_login_count=0 roles=
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 37813873
If working on the NIS server doesn't help try adding pwdwarntime=0 to /etc/security/user on the client manually.
 
Also consider removing the "last_update" line from the user's stanza in /etc/security/passwd on the client.
0
 

Author Comment

by:AIX25
ID: 37813910
Its space sensitive...correct? pwdwarntime = 0?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37813933
Yes, sorry.
0
 

Author Comment

by:AIX25
ID: 37813987
That did not work. User says it still give the warning...2 days left to change password. This is id that should not expire. Its a service id that users log in to access with, so we have to make sure it does not expire. Anything else we can do?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 37814008
Is there an entry in /etc/security/passwd for that user?

If so, any flags or a "last_update" line?
0
 

Author Comment

by:AIX25
ID: 37814384
I went ahead and su'ed to the id and changed the password to what they use, so this will be a temp fix and buy me time...about 90 days...
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AIX Server 10 86
Generate FIPS 140-2 Public Key on Unix 5 75
NTP Server in VMware 5 218
bash while loop reading input from data section in script 7 69
When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question