Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Apropos / Subsearch:
optional field

 getprpw(1M)							 getprpw(1M)

      getprpw - display protected password database

      getprpw [-l|-n [domain]] [-r] [-m parm[,parm]] username

      getprpw displays the user's protected password database settings.
      This command is available only to the superuser in a trusted system.
      Normally it is only used via SAM, see sam(1M).

      The database contains information for both local and NIS+ users.
      However, some NIS+ information is kept on the master.  Since a user
      may be both local and NIS+, getprpw uses the nsswitch.conf(4) default
      if neither -l nor -n are specified.

      getprpw recognizes the following options...

      -l   Specifies to get information from the local user.

      -n   Can be specified with or without domain name; i.e., -n [domain].
	   If -n [domain] is specified, displays data for the NIS+ user.
	   The domain name must be fully qualified, with a terminating
	   period.  If domain name is not specified, the local domain will
	   be used.

      -r   Displays the arguments supplied to -m in raw format

      -m   Displays the database value for the argument passed.

	   An "invalid-opt" is printed if a list of options passed to -m
	   contains an invalid option. The rest of the options will be
	   processed.  If getprpw is specified without -m, all parameters
	   are displayed in the order given below.

	   Boolean values are returned as YES, NO, or DFT (for system
	   default values in /tcb/files/auth/system/default).

	   Numeric values are specified as positive numbers, 0, or -1.	A
	   value of -1 indicates that the field has not been assigned a
	   value in the database.

	   Units of time are returned in number of days (>=0), although the
	   database keeps them in seconds. This and other minor differences
	   between the command parameters and the database fields are
	   consistent with modprpw(1M).

	   The following parameters for the user can be displayed using the
	   -m option.

 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000

 getprpw(1M)							 getprpw(1M)

	   They are listed below in the order shown in prot.h.	The database
	   fields are fully explained in prpwd(4).

	   uid		  user uid

	   bootpw	  boot authorization flag

	   audid	  audit id

	   audflg	  audit flag

	   mintm	  minimum time between password changes

	   maxpwln	  maximum password length

	   exptm	  password expiration time

	   lftm		  password lifetime

	   spwchg	  last successful password change time

	   upwchg	  last unsuccessful password change time

	   acctexp	  account expiration time

	   llog		  last login time interval

	   expwarn	  password expiration warning time

	   usrpick	  whether user picks password, YES/NO/DFT

	   syspnpw	  whether system generates pronounceable passwords,

	   rstrpw	  whether password is restricted, i.e, checked for
			  triviality, YES/NO/DFT

	   nullpw	  NULL passwords are allowed, YES/NO/DFT.  Not

	   syschpw	  whether system generates passwords having
			  characters only, YES/NO/DFT

	   sysltpw	  whether system generates passwords having letters
			  only, YES/NO/DFT

	   timeod	  time of day allowed for login

	   slogint	  time of last successful login

 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000

 getprpw(1M)							 getprpw(1M)

	   ulogint	  time of last unsuccessful login

	   sloginy	  tty of last successful login

	   culogin	  consecutive number of unsuccessful logins so far

	   uloginy	  tty of last unsuccessful login

	   umaxlntr	  maximum unsuccessful login tries

	   alock	  administrator lock, YES if on, NO if off, DFT if
			  not set.

	   lockout	  returns the reason for a lockout in a "bit" valued
			  string, where 0 = condition not present, 1 is
			  present.  The position, left to right represents:

			  1 past password lifetime
			  2 past last login time (inactive account)
			  3 past absolute account lifetime
			  4 exceeded unsuccessful login attempts
			  5 password required and a null password
			  6 admin lock
			  7 password is a *

	   0	success
	   1	user not privileged
	   2	incorrect useage
	   3	cannot find the password file
	   4	system is not trusted

      Displays the database aging fields for user "someusr".

	   getprpw -m mintm,exptm,expwarn,lftm someusr

	   The command displays:

	      mintm=1, exptm=2, expwarn=-1, lftm=3

      This command is intended for SAM use only.  It may change with each
      release and can not be guaranteed to be backward compatible.

      Several database fields interact with others.  The side effects of an
      individual change may not cause a problem till much later.

      Special meanings may apply in the following cases:

 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000

 getprpw(1M)							 getprpw(1M)

	   +	an absent field
	   +	a field without a value
	   +	a field with a zero value

      getprpw was developed by HP.

      /etc/passwd		    System Password file
      /tcb/files/auth/*/*	    Protected Password Database
				    System Defaults Database
      modprpw(1M), prpwd(4), nsswitch.conf(4).

 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000