Solved

aix ibm disabled accounts

Posted on 2014-02-26
3
2,433 Views
Last Modified: 2014-02-26
does AIX IBM have the same equivalent as a disabled account on a server, i.e. those that cant be used to login to the server. If yes, can you elaborate how you can determine if the accounts are live or disabled/cant be used for login
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39888233
Hi,

it's very similar to other Unix/Linux implementations.

There is the /etc/passwd file and there is the file /etc/security/passwd which is the equivalent to /etc/shadow on other systems.

If the second colon-separated field of an entry in /etc/passwd contains an asterisk ("*")
this indicates an invalid password and the concerned user cannot log in.

If the same field contains an exclamation point ("!") this indicates that there is an entry in /etc/security password for that user.

This file contains the encrypted passwords (and the last update timestamps plus several flags).
Here, too, the password can be "*" which means that the user cannot log in.

Besides that we have an "account_locked" attribute in AIX. Such attributes are stored in /etc/security/user, can be viewed with "lsuser <username>" and can be set with "chuser <attribute>=<value> <username>".

Finally, we can set an account "expiration" date in /etc/security/user past which the user cannot log in anymore. This can also be viewed with "lsuser" and set with "chuser".
You can forcibly expire an acoount by setting the expiration date to "0101000070" (MMDDHHMMYY format).
wmp
0
 
LVL 3

Author Comment

by:pma111
ID: 39888308
Thanks, if the user is locked, but has a weak password, is there any risk whatsoever, if that account can be used to access the server?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39888331
Locked accounts can neither be used for login nor for ssh/ftp/rsh/rcp and so on.

The only exception is that root (and only root) can "su" to this user, whether it's locked or not.

Since root doesn't need a password for "su" the password is irrelevant in any case, and there's no risk if it's "weak".
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question