*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> modprpw (1m)              
Title
Content
Arch
Section
 

Contents


 modprpw(1M)                                                     modprpw(1M)




 NAME    [Toc]    [Back]
      modprpw - modify protected password database

 SYNOPSIS    [Toc]    [Back]
      modprpw [-E|-V] [-l|-n [domain]]

      modprpw [-x] [-l|-n [domain]] username

      modprpw [-A|-e|-v|-k] [-m field=value,... ] [-l|-n [domain]] username

 DESCRIPTION    [Toc]    [Back]
      modprpw updates the user's protected password database settings.  This
      command is available only to the superuser in a trusted system.

      Usage other than via SAM, and/or modifications out of sync with
      /etc/passwd or NIS+ tables, may result in serious database corruption
      and the inability to access the system.

      All updated values may be verified using getprpw(1M).

      The database contains information for both local and NIS+ users.
      However, some NIS+ information is kept on the master.  Since a user
      may be both local and NIS+, modprpw uses the nsswitch.conf(4) default
      if neither -l nor -n are specified.

    Options    [Toc]    [Back]
      modprpw sets user's parameters as defined by the options specified.
      At least one option is required.  If a field is not specified in the
      option then its value remains unchanged in the database.

      modprpw recognizes the following options...

      -A   To add a new user entry and to return a random password which the
           new user must use to login the first time.  This entry has to be
           created with the given username and the -m uid=value.

           Error is returned if the user already exists.

           May be combined with one of the -l or -n options.  It also adds
           entries to the NIS+ tables, if -n is specified.

           Unlike useradd(1M), it does not create nor populate the home
           directory, and it does not update /etc/passwd.

      -E   This option is specified WITHOUT a user name to expire all user's
           passwords.  It goes through the protected password database and
           zeroes the successful change time of all users.  The result is
           all users will need to enter a new password at their next login.

           May be combined with one of -l or -n options.




 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




      -e   This option is specified with a user name to expire the specified
           user's password. It zeroes the successful change time.

           May be combined with options -l, -m, -n.

      -k   To unlock/enable a user's account that has become disabled,
           except when the lock is due to a missing password or * password.

           May be combined with options -l, -m, -n.

      -l   This option specifies to modify data for a local user.  It cannot
           be specified with the -n option.  This option must be specified
           with other options.

      -m   Modify the database field to the specified value and/or resets
           locks.  Valid with one of -A, -e, -v, -k options; and one of -l,
           -n options.

           A list of database fields may be used with comma as a delimiter.
           An "invalid-opt" is printed, and processing terminates, if a list
           of database fields passed to -m contains an invalid database
           field.

           Boolean values are specified as YES, NO, or DFT for system
           default values (/tcb/files/auth/system/default).  Numeric values
           are specified as positive numbers, 0, or -1.  If the value -1 is
           specified, the numeric value in the database is removed, allowing
           the system default value to be used.  Time values are specified
           in days, although the database keeps them in seconds.

           No aging is present if the following 4 database parameters are
           all zero: u_minchg, u_exp, u_life, u_pw_expire_warning.

           Unless specified by n/a, all database fields can be set.  They
           are listed below in the order shown in prot.h.  The database
           fields are fully explained in prpwd(4).

           FIELD=VALUE         DATABASE FIELD

           n/a                 database u_name.

           uid=value           database u_id.

                               Set the uid of the user.  No sanity checking
                               is done on this value.

           n/a                 database u_pwd.

           n/a                 database u_owner.





 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




           bootpw=value        database u_bootauth.

                               Set boot authorization privilege, YES/NO/DFT.
                               NO removes it from the user file.

           audid=value         database u_auditid.

                               Set audit id. Automatically limited not to
                               exceed the next available id.

           audflg=value        database u_auditflag.

                               Set audit flag.

           mintm=value         database u_minchg=(value*86400).

                               Set the minimum time interval between
                               password changes (days). 0 = none.  Same as
                               non-trusted mode minimum time.

           maxpwln=value       database u_maxlen.

                               Set the maximum password length for system
                               generated passwords.

           exptm=value         database u_exp=(value*86400).

                               Set password expiration time interval (days).
                               0 = expired.  Same as non-trusted mode
                               maximum time.

           lftm=value          database u_life.

                               Set password life time interval (days).  0 =
                               infinite.

           n/a                 database u_succhg.

                               Modified by options e, E, v, V, maybe k.

           n/a                 database u_unsucchg.

           acctexp=value       database u_acct_expire=(value*86400+now).

                               Set account expiration time interval (days).
                               This interval is added to "now" to form the
                               value in the database (database 0 = no
                               expiration).

           llog=value          database u_llogin.




 Hewlett-Packard Company            - 3 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




                               Set the last login time interval (days).
                               Used with u_succlog.

           expwarn=value       database u_pw_expire_warning=(value*86400).

                               Set password expiration warning time interval
                               (days). 0 = none.

           n/a                 database u_pswduser.  Obsoleted field.

           usrpick=value       database u_pickpw.

                               Set whether User Picks Password, YES/NO/DFT.

           syspnpw=value       database u_genpwd.

                               Set whether system generates pronounceable
                               passwords, YES/NO/DFT.

           rstrpw=value        database u_restrict.

                               Set if generated password is restricted,
                               YES/NO/DFT.  If YES, password will be checked
                               for triviality.

           nullpw=value        database u_nullpw.

                               Set whether null passwords are allowed,
                               YES/NO/DFT.  YES is not recommended!

           n/a                 database u_pwchanger.  Obsolescent field.

           admnum=value        database u_pw_admin_num.  Obsoleted field.

           syschpw=value       database u_genchars.

                               Set whether system generates passwords having
                               characters only, YES/NO/DFT.

           sysltpw=value       database u_genletters.

                               Set whether system generates passwords having
                               letters only, YES/NO/DFT.

           timeod=value        database u_tod.

                               Set the time-of-day allowed for login.

                               The format is:





 Hewlett-Packard Company            - 4 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




                               key0Starttime-Endtime,
                               key1Starttime-Endtime,...
                               keynStarttime-Endtime

                               Where key has the following values:
                               Mo - Monday
                               Tu - Tuesday
                               We - Wednesday
                               Th - Thursday
                               Fr - Friday
                               Sa - Saturday
                               Su - Sunday
                               Any -  everyday
                               Wk - Monday -> Friday

                               and Starttime and Endtime are in military
                               format: HHMM, where:
                               00 <= HH <= 23, and 00 <= MM <= 59.

           n/a                 database u_suclog.

           n/a                 database u_unsuclog.

           n/a                 database u_suctty.

           n/a                 database u_numunsuclog.

           n/a                 database u_unsuctty.

           umaxlntr=value      database u_maxtries.

                               Set Maximum Unsuccessful Login tries allowed.
                               0 = infinite.

           alock=value         database u_lock.

                               Set the administrator lock, YES/NO/DFT.

      -n   Can be specified with or without domain name; i.e., -n [domain].
           If -n [domain] is specified, modifies data for the NIS+ user.
           The domain name must be fully qualified, with a terminating
           period.  If domain name is not specified, the local domain will
           be used.

           It cannot be specified with the -l option.  This option must be
           specified with other options.

      -V   This option is specified WITHOUT a user name to
           "validate/refresh" all user's passwords.  It goes through the
           protected password database and sets the successful change time
           to the current time for all users. The result is that all user's



 Hewlett-Packard Company            - 5 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




           password aging restarts at the current time.

           May be combined with one of -l or -n options.

      -v   This option is specified with a user name to "validate/refresh"
           the specified user's password.  It sets the successful change
           time to the current time.

           May be combined with options -l, -m, -n.

      -x   Delete the user's password and return a random password that the
           user must later supply to the login process to login and pick a
           new password. Not valid for root.  Also resets locks.

           May be combined with one of -l or -n options.

 RETURN VALUE    [Toc]    [Back]
           0    Success.
           1    User not privileged.
           2    Incorrect usage.
           3    Can not find the entry or file.
           4    Can not change the entry.
           5    Not a Trusted System.
           6    Not a NIS+ user.

 EXAMPLES    [Toc]    [Back]
      Set the Minimum time between password changes to 12 (days), set the
      System generates pronounceable password flag to NO, and set the System
      generates password having characters only flag to YES.

           modprpw -m mintm=12,syspnpw=NO,syschpw=YES someusr

      The following example is to restrict the times that user joeblow can
      get on the system on Mondays and Fridays to 5PM-9PM, and Sundays from
      5AM-9AM. Other days are not restricted.

           modprpw -m timeod=Mo1700-2100,Fr1700-2100,Su0500-0900 joeblow

 WARNINGS    [Toc]    [Back]
      This command is intended for SAM use only.  It may change with each
      release and can not be guaranteed to be backward compatible.

      Several database fields interact with others.  Side effects may not be
      apparent until much later.

      Special meanings may apply in the following cases:

           + an absent field,
           + a field without a value,
           + a field with a zero value.




 Hewlett-Packard Company            - 6 -   HP-UX 11i Version 2: August 2003






 modprpw(1M)                                                     modprpw(1M)




      Very little, if any checking is done to see if values are valid.  It
      is the user's responsibility to range check values.

 FILES    [Toc]    [Back]
      /etc/passwd                      System Password file
      /tcb/files/auth/*/*              Protected Password Database
      /tcb/files/auth/system/default   System Defaults Database

 AUTHOR    [Toc]    [Back]
      modprpw was developed by HP.

 SEE ALSO    [Toc]    [Back]
      getprpw(1M), prpwd(4), nsswitch.conf(4).


 Hewlett-Packard Company            - 7 -   HP-UX 11i Version 2: August 2003
[ Back ]
      
      
 Similar pages
Name OS Title
getprpw HP-UX display protected password database
prpwd Tru64 Protected password authentication database (Enhanced Security)
prpasswd Tru64 Protected password authentication database (Enhanced Security)
putprpwnam Tru64 Manipulate protected password database entry (Enhanced Security)
setprpwent Tru64 Manipulate protected password database entry (Enhanced Security)
putespwnam Tru64 Manipulate protected password database entry (Enhanced Security)
endprpwent Tru64 Manipulate protected password database entry (Enhanced Security)
prpwd HP-UX protected password authentication database files used for trusted systems
putprpwnam HP-UX manipulate protected password database entries (for trusted systems only).
getprpwuid HP-UX manipulate protected password database entries (for trusted systems only).
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service