Hi,
I need urgent help with changing some parameters of my 150 accounts.
Firstly, I want all my HP-UX user accounts to change their pwd every month.
If I change my pwd today, I want HP-UX to force or notify me on 11.05.2005, but also I want, 15 days later when I log on to the system, HP-UX to warn me like "your passwd expire 15 days later".
How can I change these parameters with a script, because I have more than 150 users?
Please, I need urgent help.
The command is modprpw and the man page will help you. If you are not running 11i, you'll have to read the man page online at docs.hp.com (search for modprpw).
You'll have to create a file with all the user names. The reason you can't just read the passwd file is that you'll affect root,sys,bin,lp, etc so these have to be weeded out:
cut -f1 -d: /etc/passwd > /tmp/user.list
Edit /tmp/user.list and remove the sysadmin names. The script would look something like this:
cat /tmp/user.list | while read USERNAME
do
  /usr/lbin/modprpw -v -m mintm=5,exptm=30,expwarn=15 $USERNAME
done
This will 'refresh' each user's password so that the last-change date is today, the minimum time before a user can change the password again is 5 days (prevents users from changing back to an old password immediately), and the expiration of the password is 30 days from today.
NOTE: Human nature, being what it is, a password that expires every 30 days will be self-defeating. Security will actually be compromised because the users will constantly forget their new password and call you for a new one (you can't decode what their current password might be), and other users will write the latest password down on paper and attach it to the monitor or keyboard.
You would be better off setting a change limit of 90 days. Security will be much improved because users have enough time to memorize their passwords.
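The answer above builds /tmp/user.list by hand. As an added example (not part of the original post), the list can instead be filtered by UID and the resulting modprpw commands printed for review before anything is changed. The UID cutoff of 100, the opsadmin login and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the user list by UID, then print (not run) the commands.
MIN_UID=100                          # assumption: system accounts have UIDs below 100
EXCLUDE="root sys bin lp opsadmin"   # opsadmin is a hypothetical sysadmin login

# list_users PASSWD_FILE: login names left after weeding out system accounts
list_users() {
    awk -F: -v min="$MIN_UID" -v skip="$EXCLUDE" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) deny[s[i]] = 1 }
        /^[+-]/ || NF < 7  { next }   # NIS compat entries and malformed lines
        $3 !~ /^[0-9]+$/   { next }   # UID field is not a number
        $3 + 0 < min       { next }   # root, sys, bin, lp and other system UIDs
        ($1 in deny)       { next }   # names excluded explicitly
        { print $1 }
    ' "$1"
}

# plan_changes PASSWD_FILE EXPTM_DAYS: one modprpw command line per user
plan_changes() {
    list_users "$1" | while read USERNAME
    do
        echo "/usr/lbin/modprpw -v -m mintm=5,exptm=$2,expwarn=15 $USERNAME"
    done
}

# make_sample PATH: write a constructed passwd file (not from a real host)
make_sample() {
    cat > "$1" <<'EOF'
root:*:0:3::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
sys:*:3:3::/:
lp:*:9:7::/var/spool/lp:/sbin/sh
opsadmin:*:100:20:Ops Admin:/home/opsadmin:/usr/bin/sh
asmith:*:101:20:A Smith:/home/asmith:/usr/bin/sh
bjones:*:102:20:B Jones:/home/bjones:/usr/bin/sh
broken:*:notanumber
+::0:0:::
EOF
}

SAMPLE=${TMPDIR:-/tmp}/passwd.sample.$$
make_sample "$SAMPLE"
plan_changes "$SAMPLE" 30     # dry run: prints the commands for review
rm -f "$SAMPLE"
```

On the Trusted System itself, call plan_changes with /etc/passwd and run the printed commands only after checking the names.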
Hi,
Before closing this thread, 1 more q.
I want to see pwd for my use like:
old password:
new password:
Re-entry new password:
So I mean I do not want to see like:
Do you want (choose one letter only):
pronounceable passwords generated for you (g)
a string of letters generated (l) ?
to pick your passwords (p) ?
> Before closing this thread, 1 more q.
> I want to see pwd for my use like:
> old password:
> new password:
> Re-entry new password:
> So I mean I do not want to see like:
> Do you want (choose one letter only):
> pronounceable passwords generated for you (g)
> a string of letters generated (l) ?
> to pick your passwords (p) ?
> So which parameter do I have to change?
The modprpw command will not ask you anything interactively. The passwd command (to change a password interactively) ALWAYS asks for the old password, then depending on your Trusted system security policies, you can disable the automated password suggestions. In SAM, select:
-> Auditing and Security
---> System Security Policies
-----> Password Format Policies...
Then uncheck the automatic generation choices:
From:
[X] System Generates Pronounceable
[X] System Generates Character
[X] System Generates Letters Only
To:
[ ] System Generates Pronounceable
[ ] System Generates Character
[ ] System Generates Letters Only
This will now have passwd ask just for the old and new passwords.