Questions about password expiration and notification - Aix

This is a discussion on Questions about password expiration and notification - Aix ; Running AIX 5.3 on a p5-550. Description of problems 1) Is there a method to set a password expiration date to a specific date rather than by setting "Password MAX. AGE" which is in weeks? Since there is a "Days ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Questions about password expiration and notification

  1. Questions about password expiration and notification

    Running AIX 5.3 on a p5-550.

    Description of problems

    1) Is there a method to set a password expiration date to a
    specific date rather than by setting "Password MAX. AGE"
    which is in weeks?

    Since there is a "Days to WARN USER before password expires",
    somewhere there is a computation between the login date and a
    date when the password expires.

    2) When a user logs in and the "Days to WARN USER before password
    expires"
    is set, messages are displayed so fast that the user cannot see the
    "Your password will expire:" message. Is there a method to "slow"
    down or "pause" the login so the user can see the
    "Your password will expire:" message?

    Brief Scenario:

    User logs in.

    [THIS MESSAGE IS DISPLAYED:]
    Last unsuccessful login: Thu Dec 21 14:22:31 CST 2006 on /dev/pts/1
    from xxxx.xxxx.edu
    Last login: Wed Jan 3 07:29:28 CST 2007 on ssh from xxxx.xxxx.edu
    [files]: 3004-328 Your password will expire: Wed Jan 10 07:21:18 CST
    2007


    [THEN THE /etc/motd FILE IS DISPLAYED.]

    BLAH
    BLAH


    The user is placed into IBM's U2 product, Universe. [The user is never
    supposed to in AIX.]

    Thanks in advance,

    Denny Watkins
    Morningside College
    712-274-5250
    watkins@morningside.edu


  2. Re: Questions about password expiration and notification

    You could add a pause in /etc/profile for all cases,
    That seems problematic, to say the least.

    One other thing that came to mind immediately, is to keep
    a list of users that go straight into the application,
    and set up a root cronjob to run
    "pwdadm -f ADMCHG userid" for all of them on a specified day.

    After that, their password will be in effect, expired.

    That brings up a question, though...Even if they aren't
    warned, when they log in and the password is expired,
    they should have some time when it will allow them
    to change it...

    Hope that helps.

    Casey


+ Reply to Thread