Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

aix ibm disabled accounts

Posted on 2014-02-26
3
Medium Priority
?
2,858 Views
Last Modified: 2014-02-26
does AIX IBM have the same equivalent as a disabled account on a server, i.e. those that cant be used to login to the server. If yes, can you elaborate how you can determine if the accounts are live or disabled/cant be used for login
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 39888233
Hi,

it's very similar to other Unix/Linux implementations.

There is the /etc/passwd file and there is the file /etc/security/passwd which is the equivalent to /etc/shadow on other systems.

If the second colon-separated field of an entry in /etc/passwd contains an asterisk ("*")
this indicates an invalid password and the concerned user cannot log in.

If the same field contains an exclamation point ("!") this indicates that there is an entry in /etc/security password for that user.

This file contains the encrypted passwords (and the last update timestamps plus several flags).
Here, too, the password can be "*" which means that the user cannot log in.

Besides that we have an "account_locked" attribute in AIX. Such attributes are stored in /etc/security/user, can be viewed with "lsuser <username>" and can be set with "chuser <attribute>=<value> <username>".

Finally, we can set an account "expiration" date in /etc/security/user past which the user cannot log in anymore. This can also be viewed with "lsuser" and set with "chuser".
You can forcibly expire an acoount by setting the expiration date to "0101000070" (MMDDHHMMYY format).
wmp
0
 
LVL 3

Author Comment

by:pma111
ID: 39888308
Thanks, if the user is locked, but has a weak password, is there any risk whatsoever, if that account can be used to access the server?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39888331
Locked accounts can neither be used for login nor for ssh/ftp/rsh/rcp and so on.

The only exception is that root (and only root) can "su" to this user, whether it's locked or not.

Since root doesn't need a password for "su" the password is irrelevant in any case, and there's no risk if it's "weak".
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question