unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 modprpw(1M)							 modprpw(1M)




 NAME
      modprpw - modify protected password database

 SYNOPSIS
      modprpw [-E|-V] [-l|-n [domain]]

      modprpw [-x] [-l|-n [domain]] username

      modprpw [-A|-e|-v|-k] [-m field=value,... ] [-l|-n [domain]] username

 DESCRIPTION
      modprpw updates the user's protected password database settings.	This
      command is available only to the superuser in a trusted system.

      Usage other than via SAM, and/or modifications out of sync with
      /etc/passwd or NIS+ tables, may result in serious database corruption
      and the inability to access the system.

      All updated values may be verified using getprpw(1M).

      The database contains information for both local and NIS+ users.
      However, some NIS+ information is kept on the master.  Since a user
      may be both local and NIS+, modprpw uses the nsswitch.conf(4) default
      if neither -l nor -n are specified.

    Options
      modprpw sets user's parameters as defined by the options specified.
      At least one option is required.	If a field is not specified in the
      option then its value remains unchanged in the database.

      modprpw recognizes the following options...

      -A   To add a new user entry and to return a random password which the
	   new user must use to login the first time.  This entry has to be
	   created with the given username and the -m uid=value.

	   Error is returned if the user already exists.

	   May be combined with one of the -l or -n options.  It also adds
	   entries to the NIS+ tables, if -n is specified.

	   Unlike useradd(1M), it does not create nor populate the home
	   directory, and it does not update /etc/passwd.

      -E   This option is specified WITHOUT a user name to expire all user's
	   passwords.  It goes through the protected password database and
	   zeroes the successful change time of all users.  The result is
	   all users will need to enter a new password at their next login.

	   May be combined with one of -l or -n options.




 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




      -e   This option is specified with a user name to expire the specified
	   user's password. It zeroes the successful change time.

	   May be combined with options -l, -m, -n.

      -k   To unlock/enable a user's account that has become disabled,
	   except when the lock is due to a missing password or * password.

	   May be combined with options -l, -m, -n.

      -l   This option specifies to modify data for a local user.  It cannot
	   be specified with the -n option.  This option must be specified
	   with other options.

      -m   Modify the database field to the specified value and/or resets
	   locks.  Valid with one of -A, -e, -v, -k options; and one of -l,
	   -n options.

	   A list of database fields may be used with comma as a delimiter.
	   An "invalid-opt" is printed, and processing terminates, if a list
	   of database fields passed to -m contains an invalid database
	   field.

	   Boolean values are specified as YES, NO, or DFT for system
	   default values (/tcb/files/auth/system/default).  Numeric values
	   are specified as positive numbers, 0, or -1.	 If the value -1 is
	   specified, the numeric value in the database is removed, allowing
	   the system default value to be used.	 Time values are specified
	   in days, although the database keeps them in seconds.

	   No aging is present if the following 4 database parameters are
	   all zero: u_minchg, u_exp, u_life, u_pw_expire_warning.

	   Unless specified by n/a, all database fields can be set.  They
	   are listed below in the order shown in prot.h.  The database
	   fields are fully explained in prpwd(4).

	   FIELD=VALUE	       DATABASE FIELD

	   n/a		       database u_name.

	   uid=value	       database u_id.

			       Set the uid of the user.	 No sanity checking
			       is done on this value.

	   n/a		       database u_pwd.

	   n/a		       database u_owner.





 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




	   bootpw=value	       database u_bootauth.

			       Set boot authorization privilege, YES/NO/DFT.
			       NO removes it from the user file.

	   audid=value	       database u_auditid.

			       Set audit id. Automatically limited not to
			       exceed the next available id.

	   audflg=value	       database u_auditflag.

			       Set audit flag.

	   mintm=value	       database u_minchg=(value*86400).

			       Set the minimum time interval between
			       password changes (days). 0 = none.  Same as
			       non-trusted mode minimum time.

	   maxpwln=value       database u_maxlen.

			       Set the maximum password length for system
			       generated passwords.

	   exptm=value	       database u_exp=(value*86400).

			       Set password expiration time interval (days).
			       0 = expired.  Same as non-trusted mode
			       maximum time.

	   lftm=value	       database u_life.

			       Set password life time interval (days).	0 =
			       infinite.

	   n/a		       database u_succhg.

			       Modified by options e, E, v, V, maybe k.

	   n/a		       database u_unsucchg.

	   acctexp=value       database u_acct_expire=(value*86400+now).

			       Set account expiration time interval (days).
			       This interval is added to "now" to form the
			       value in the database (database 0 = no
			       expiration).

	   llog=value	       database u_llogin.




 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




			       Set the last login time interval (days).
			       Used with u_succlog.

	   expwarn=value       database u_pw_expire_warning=(value*86400).

			       Set password expiration warning time interval
			       (days). 0 = none.

	   n/a		       database u_pswduser.  Obsoleted field.

	   usrpick=value       database u_pickpw.

			       Set whether User Picks Password, YES/NO/DFT.

	   syspnpw=value       database u_genpwd.

			       Set whether system generates pronounceable
			       passwords, YES/NO/DFT.

	   rstrpw=value	       database u_restrict.

			       Set if generated password is restricted,
			       YES/NO/DFT.  If YES, password will be checked
			       for triviality.

	   nullpw=value	       database u_nullpw.

			       Set whether null passwords are allowed,
			       YES/NO/DFT.  YES is not recommended!

	   n/a		       database u_pwchanger.  Obsolescent field.

	   admnum=value	       database u_pw_admin_num.	 Obsoleted field.

	   syschpw=value       database u_genchars.

			       Set whether system generates passwords having
			       characters only, YES/NO/DFT.

	   sysltpw=value       database u_genletters.

			       Set whether system generates passwords having
			       letters only, YES/NO/DFT.

	   timeod=value	       database u_tod.

			       Set the time-of-day allowed for login.

			       The format is:





 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




			       key0Starttime-Endtime,
			       key1Starttime-Endtime,...
			       keynStarttime-Endtime

			       Where key has the following values:
			       Mo - Monday
			       Tu - Tuesday
			       We - Wednesday
			       Th - Thursday
			       Fr - Friday
			       Sa - Saturday
			       Su - Sunday
			       Any -  everyday
			       Wk - Monday -> Friday

			       and Starttime and Endtime are in military
			       format: HHMM, where:
			       00 <= HH <= 23, and 00 <= MM <= 59.

	   n/a		       database u_suclog.

	   n/a		       database u_unsuclog.

	   n/a		       database u_suctty.

	   n/a		       database u_numunsuclog.

	   n/a		       database u_unsuctty.

	   umaxlntr=value      database u_maxtries.

			       Set Maximum Unsuccessful Login tries allowed.
			       0 = infinite.

	   alock=value	       database u_lock.

			       Set the administrator lock, YES/NO/DFT.

      -n   Can be specified with or without domain name; i.e., -n [domain].
	   If -n [domain] is specified, modifies data for the NIS+ user.
	   The domain name must be fully qualified, with a terminating
	   period.  If domain name is not specified, the local domain will
	   be used.

	   It cannot be specified with the -l option.  This option must be
	   specified with other options.

      -V   This option is specified WITHOUT a user name to
	   "validate/refresh" all user's passwords.  It goes through the
	   protected password database and sets the successful change time
	   to the current time for all users. The result is that all user's



 Hewlett-Packard Company	    - 5 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




	   password aging restarts at the current time.

	   May be combined with one of -l or -n options.

      -v   This option is specified with a user name to "validate/refresh"
	   the specified user's password.  It sets the successful change
	   time to the current time.

	   May be combined with options -l, -m, -n.

      -x   Delete the user's password and return a random password that the
	   user must later supply to the login process to login and pick a
	   new password. Not valid for root.  Also resets locks.

	   May be combined with one of -l or -n options.

 RETURN VALUE
	   0	Success.
	   1	User not privileged.
	   2	Incorrect usage.
	   3	Can not find the entry or file.
	   4	Can not change the entry.
	   5	Not a Trusted System.
	   6	Not a NIS+ user.

 EXAMPLES
      Set the Minimum time between password changes to 12 (days), set the
      System generates pronounceable password flag to NO, and set the System
      generates password having characters only flag to YES.

	   modprpw -m mintm=12,syspnpw=NO,syschpw=YES someusr

      The following example is to restrict the times that user joeblow can
      get on the system on Mondays and Fridays to 5PM-9PM, and Sundays from
      5AM-9AM. Other days are not restricted.

	   modprpw -m timeod=Mo1700-2100,Fr1700-2100,Su0500-0900 joeblow

 WARNINGS
      This command is intended for SAM use only.  It may change with each
      release and can not be guaranteed to be backward compatible.

      Several database fields interact with others.  Side effects may not be
      apparent until much later.

      Special meanings may apply in the following cases:

	   + an absent field,
	   + a field without a value,
	   + a field with a zero value.




 Hewlett-Packard Company	    - 6 -   HP-UX Release 11i: November 2000






 modprpw(1M)							 modprpw(1M)




      Very little, if any checking is done to see if values are valid.	It
      is the user's responsibility to range check values.

 FILES
      /etc/passwd		       System Password file
      /tcb/files/auth/*/*	       Protected Password Database
      /tcb/files/auth/system/default   System Defaults Database

 AUTHOR
      modprpw was developed by HP.

 SEE ALSO
      getprpw(1M), prpwd(4), nsswitch.conf(4).









































 Hewlett-Packard Company	    - 7 -   HP-UX Release 11i: November 2000