Password expiration dates - SGI

This is a discussion on Password expiration dates - SGI ; I am a systems auditor and have run into an interesting situation with IRIX. I use the passwd -sa command to get a list of the accounts, whether they have a password set or are locked, etc. and the last ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Password expiration dates

  1. Password expiration dates

    I am a systems auditor and have run into an interesting situation with
    IRIX.

    I use the passwd -sa command to get a list of the accounts, whether
    they have a password set or are locked, etc. and the last password
    change date.

    Sometimes when I execute this command, the last password change date
    is 12/31/69. This is one day before the UNIX epoch so it looks like
    the value is set to -1.

    My question is: what does this mean? Does this mean the user would
    have to change their password at next logon (if password expiration is
    configured)? Does this mean the user would never have to change their
    password (even if password expiration is configured)?

    Sorry to post this but I do not have an IRIX machine to test with.

    Thanks in advance!

    Jeremy Shelley, CISSP

  2. Re: Password expiration dates

    In article <8124dbf4.0407120554.53e9645a@posting.google.com>,
    Jeremy Shelley, CISSP wrote:
    :I am a systems auditor and have run into an interesting situation with
    :IRIX.

    :I use the passwd -sa command

    :Sometimes when I execute this command, the last password change date
    :is 12/31/69. This is one day before the UNIX epoch so it looks like
    :the value is set to -1.

    :My question is: what does this mean?

    http://techpubs.sgi.com has online copies of the IRIX man pages.

    -n Set minimum field for name. The min field contains the minimum
    number of days between password changes for name. If min is
    greater than max, the user may not change the password. Always
    use this option with the -x option, unless max is set to -1 or
    0 (aging turned off). In that case, min need not be set.

    -x Set maximum field for name. The max field contains the number
    of days that the password is valid for name. The aging for
    name will be turned off immediately if max is set to -1. If it
    is set to 0, then the user is forced to change the password at
    the next login session and aging is turned off. If max is less
    than min, only the super-user can change this user's password.

    --
    Come to think of it, there are already a million monkeys on a million
    typewriters, and Usenet is NOTHING like Shakespeare. -- Blair Houghton.

+ Reply to Thread