Password expiration

Hi Admins,

AIX 5.3

I know the maxage value tells the system about password expiration policy.
One user's maxage is 5 weeks. But he changed the password long back, in 2008, according to the lastupdate value.

Since maxage is 5, the password should expire every 5 weeks. But how come lastupdate shows the year 2008?

Does any other setting need to be checked? Please provide your expert thoughts.

Regards
newaix

Can you post "lsuser -a user_name" for this user?

What does "maxexpired" in /etc/security/user have to say for this user? If it's -1, the user will not be forced to change the password even after the maxage duration.

Hi,

Thanks for the response.

Please check the below settings

madaoptr:
        id=211
        pgrp=dba
        groups=dba,staff
        home=/home/madaoptr
        shell=/usr/bin/ksh
        login=true
        su=true
        rlogin=true
        daemon=true
        admin=false
        sugroups=dba
        admgroups=
        tpath=nosak
        ttys=ALL
        expires=0
        auth1=SYSTEM
        auth2=NONE
        umask=22
        registry=files
        SYSTEM=compat
        logintimes=
        loginretries=3
        pwdwarntime=7
        account_locked=false
        minage=1
        maxage=8
        maxexpired=5
        minalpha=2
        minother=2
        mindiff=3
        maxrepeats=8
        minlen=8
        histexpire=0
        histsize=15
        pwdchecks=
        dictionlist=/etc/security/password.dict
        fsize=-1
        cpu=-1
        data=-1
        stack=-1
        core=0
        rss=-1
        nofiles=-1
        time_last_login=1280839888
        time_last_unsuccessful_login=1321534343
        tty_last_login=/dev/pts/1
        tty_last_unsuccessful_login=ssh
        host_last_login=10.55.12.60
        host_last_unsuccessful_login=msbdvds02
        unsuccessful_login_count=2
        roles=
 
pwdadm -q madaoptr
madaoptr:
        lastupdate = 1209445973 
 
last passwd changed on  Tue Apr 29 08:12:53 2008
perl -le 'print scalar localtime 1209445973'
Tue Apr 29 08:12:53 2008

Regards
newaix
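
Added example, not part of any post in this thread: a POSIX shell script that works through the password-age arithmetic for the lastupdate, maxage, maxexpired and time_last_login values posted above. It assumes the documented AIX meaning of these attributes (maxage and maxexpired counted in weeks, maxage=0 meaning no expiry, maxexpired=-1 meaning no limit); the helper names get_attr, pw_expiry and pw_state are hypothetical.

```shell
#!/bin/sh
# Added example: AIX password-age arithmetic on values copied from the thread.
WEEK=604800   # seconds per week; maxage and maxexpired are counted in weeks

# Sample input: a subset of the lsuser and pwdadm -q output posted above.
LSUSER_OUT='madaoptr:
        maxage=8
        maxexpired=5
        time_last_login=1280839888'
PWDADM_OUT='madaoptr:
        lastupdate = 1209445973 '

# get_attr NAME TEXT: print the value from a "NAME=value" or "NAME = value" line.
get_attr() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '
        { n = $1; gsub(/[ \t]/, "", n)
          if (n == k) { v = $2; gsub(/[ \t]/, "", v); print v; exit } }'
}

# pw_expiry LASTUPDATE MAXAGE: epoch at which the password expires (0 = never).
pw_expiry() {
    if [ "$2" -le 0 ]; then echo 0; else echo $(( $1 + $2 * $WEEK )); fi
}

# pw_state LASTUPDATE MAXAGE MAXEXPIRED AT: state of the password at epoch AT.
#   valid      - not yet older than maxage (or maxage is 0)
#   expired    - older than maxage; the user may still change it
#   admin-only - more than maxexpired weeks past maxage; only an
#                administrator can reset it
pw_state() {
    exp=$(pw_expiry "$1" "$2")
    if [ "$exp" -eq 0 ] || [ "$4" -lt "$exp" ]; then echo valid; return; fi
    # maxexpired=-1: no limit on how late the user may change the password
    if [ "$3" -lt 0 ] || [ "$4" -lt $(( exp + $3 * $WEEK )) ]; then
        echo expired; return
    fi
    echo admin-only
}

lastupdate=$(get_attr lastupdate "$PWDADM_OUT")
maxage=$(get_attr maxage "$LSUSER_OUT")
maxexpired=$(get_attr maxexpired "$LSUSER_OUT")
last_login=$(get_attr time_last_login "$LSUSER_OUT")

echo "password expires at epoch: $(pw_expiry "$lastupdate" "$maxage")"
echo "state at last login:       $(pw_state "$lastupdate" "$maxage" "$maxexpired" "$last_login")"
```

With the posted values the password aged out at epoch 1214284373, and the last successful login (1280839888) falls after the maxexpired window as well.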

This is really strange!!

Although maxexpired is set to 5 weeks, the user seems to have been using the same password for at least two years. What about other users? Is the password policy not working for them as well, or is it just for this one user?

Can you check running the following commands?

pwdck -y ALL
usrck -y ALL

Thanks for your time. Please find the details below

 # pwdck -y ALL
3001-402  The user "invscout" has an invalid password field in /etc/passwd.
3001-414  The stanza for "invscout" was not found in /etc/security/passwd.
3001-402  The user "ipsec" has an invalid password field in /etc/passwd.
3001-414  The stanza for "ipsec" was not found in /etc/security/passwd.
3001-402  The user "lp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "lp" was not found in /etc/security/passwd.
3001-402  The user "nuucp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "nuucp" was not found in /etc/security/passwd.
3001-402  The user "snapp" has an invalid password field in /etc/passwd.
3001-414  The stanza for "snapp" was not found in /etc/security/passwd.
3001-402  The user "sshd" has an invalid password field in /etc/passwd.
3001-414  The stanza for "sshd" was not found in /etc/security/passwd.
3001-413  Adding "lp" stanza to /etc/security/passwd.
3001-413  Adding "invscout" stanza to /etc/security/passwd.
3001-413  Adding "snapp" stanza to /etc/security/passwd.
3001-413  Adding "ipsec" stanza to /etc/security/passwd.
3001-413  Adding "nuucp" stanza to /etc/security/passwd.
3001-413  Adding "sshd" stanza to /etc/security/passwd.
 #
 #
 # usrck -y ALL
3001-603 The UID 0 is duplicated for user root.
3001-603 The UID 0 is duplicated for user eadmaix.
3001-661 There have been too many invalid login attempts by user daemon.
3001-661 There have been too many invalid login attempts by user bin.
3001-661 There have been too many invalid login attempts by user sys.
3001-661 There have been too many invalid login attempts by user adm.
3001-662 User uucp is locked.
3001-661 There have been too many invalid login attempts by user nobody.
3001-662 User snapp is locked.
3001-662 User ipsec is locked.
3001-662 User nuucp is locked.
3001-662 User ora9i is locked.
 #