I rolled out sudo (1.7.2p7) to my AIX system (6100-06-01-1043) some time ago. Because I was using "sudo su -" I did not update my root password before it expired as a result of maxexpire.
Now I find that the root account has expired and I cannot find any way of "unexpiring" it.
I have access to root and can update any files as root through "sudo su -". However I cannot log in directly as root on the console anymore - which I would like to do if, for instance, my own account is inaccessible
Does any one know of any way of "unexpiring" root?
I've changed the password so that the change date in /etc/security/passwd is current, but that has had no effect.
The root user should never have the maxexpire set as when the root user is expired fixing it involves booting off the DVD and going into single user mode and clearing / resetting the root password!
Problem solved..... BTW I did change the password as I had access to the root via sudo, however it still instisted that the account had expired. Then I realised lsuser -f root was showing an expiry date of the epoch even tho it was not set anywhere. I then explicitly set expire=0 in the root stanza in /etc/security/user which did the trick.
Basically, AIX seems to disable an expired account when maxexpire is reached
by setting (where I dont know!) the expire date to epoch
I agree about maxexpire for root.. but sometimes corporate settings over-rule good sense!
