Solved

aix ibm disabled accounts

Posted on 2014-02-26
3
2,581 Views
Last Modified: 2014-02-26
does AIX IBM have the same equivalent as a disabled account on a server, i.e. those that cant be used to login to the server. If yes, can you elaborate how you can determine if the accounts are live or disabled/cant be used for login
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39888233
Hi,

it's very similar to other Unix/Linux implementations.

There is the /etc/passwd file and there is the file /etc/security/passwd which is the equivalent to /etc/shadow on other systems.

If the second colon-separated field of an entry in /etc/passwd contains an asterisk ("*")
this indicates an invalid password and the concerned user cannot log in.

If the same field contains an exclamation point ("!") this indicates that there is an entry in /etc/security password for that user.

This file contains the encrypted passwords (and the last update timestamps plus several flags).
Here, too, the password can be "*" which means that the user cannot log in.

Besides that we have an "account_locked" attribute in AIX. Such attributes are stored in /etc/security/user, can be viewed with "lsuser <username>" and can be set with "chuser <attribute>=<value> <username>".

Finally, we can set an account "expiration" date in /etc/security/user past which the user cannot log in anymore. This can also be viewed with "lsuser" and set with "chuser".
You can forcibly expire an acoount by setting the expiration date to "0101000070" (MMDDHHMMYY format).
wmp
0
 
LVL 3

Author Comment

by:pma111
ID: 39888308
Thanks, if the user is locked, but has a weak password, is there any risk whatsoever, if that account can be used to access the server?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39888331
Locked accounts can neither be used for login nor for ssh/ftp/rsh/rcp and so on.

The only exception is that root (and only root) can "su" to this user, whether it's locked or not.

Since root doesn't need a password for "su" the password is irrelevant in any case, and there's no risk if it's "weak".
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question