getprpw - display protected password database
getprpw [-l|-n [domain]] [-r] [-m parm[,parm]] username
getprpw displays the user's protected password database settings.
This command is available only to the superuser in a trusted system.
Normally it is only used via SAM, see sam(1M).
The database contains information for both local and NIS+ users.
However, some NIS+ information is kept on the master. Since a user
may be both local and NIS+, getprpw uses the nsswitch.conf(4) default
if neither -l nor -n are specified.
getprpw recognizes the following options...
-l Specifies to get information from the local user.
-n Can be specified with or without domain name; i.e., -n [domain].
If -n [domain] is specified, displays data for the NIS+ user.
The domain name must be fully qualified, with a terminating
period. If domain name is not specified, the local domain will
-r Displays the arguments supplied to -m in raw format
-m Displays the database value for the argument passed.
An "invalid-opt" is printed if a list of options passed to -m
contains an invalid option. The rest of the options will be
processed. If getprpw is specified without -m, all parameters
are displayed in the order given below.
Boolean values are returned as YES, NO, or DFT (for system
default values in /tcb/files/auth/system/default).
Numeric values are specified as positive numbers, 0, or -1. A
value of -1 indicates that the field has not been assigned a
value in the database.
Units of time are returned in number of days (>=0), although the
database keeps them in seconds. This and other minor differences
between the command parameters and the database fields are
consistent with modprpw(1M).
The following parameters for the user can be displayed using the
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
They are listed below in the order shown in prot.h. The database
fields are fully explained in prpwd(4).
uid user uid
bootpw boot authorization flag
audid audit id
audflg audit flag
mintm minimum time between password changes
maxpwln maximum password length
exptm password expiration time
lftm password lifetime
spwchg last successful password change time
upwchg last unsuccessful password change time
acctexp account expiration time
llog last login time interval
expwarn password expiration warning time
usrpick whether user picks password, YES/NO/DFT
syspnpw whether system generates pronounceable passwords,
rstrpw whether password is restricted, i.e, checked for
nullpw NULL passwords are allowed, YES/NO/DFT. Not
syschpw whether system generates passwords having
characters only, YES/NO/DFT
sysltpw whether system generates passwords having letters
timeod time of day allowed for login
slogint time of last successful login
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
ulogint time of last unsuccessful login
sloginy tty of last successful login
culogin consecutive number of unsuccessful logins so far
uloginy tty of last unsuccessful login
umaxlntr maximum unsuccessful login tries
alock administrator lock, YES if on, NO if off, DFT if
lockout returns the reason for a lockout in a "bit" valued
string, where 0 = condition not present, 1 is
present. The position, left to right represents:
1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
1 user not privileged
2 incorrect useage
3 cannot find the password file
4 system is not trusted
Displays the database aging fields for user "someusr".
getprpw -m mintm,exptm,expwarn,lftm someusr
The command displays:
mintm=1, exptm=2, expwarn=-1, lftm=3
This command is intended for SAM use only. It may change with each
release and can not be guaranteed to be backward compatible.
Several database fields interact with others. The side effects of an
individual change may not cause a problem till much later.
Special meanings may apply in the following cases:
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000
+ an absent field
+ a field without a value
+ a field with a zero value
getprpw was developed by HP.
/etc/passwd System Password file
/tcb/files/auth/*/* Protected Password Database
System Defaults Database
modprpw(1M), prpwd(4), nsswitch.conf(4).
Hewlett-Packard Company - 4 - HP-UX Release 11i: November 2000