disable system-wide password aging

disable system-wide password aging

Post by Ann Barne » Fri, 16 Jul 1999 04:00:00



Is this possible? (I know its not desirable, but is it possible?)
Do I just remove values from the default file to
handle the users with no individual settings?
If individual users have had values set with admintool,
do they need set to 0, or is 'none' an option/leave the
space blank when modifying?

*whew* hope that made sense..

TIA

Ann

 
 
 

disable system-wide password aging

Post by Ann Barne » Fri, 16 Jul 1999 04:00:00


I just noticed in the Answerbook, under the passwd command that the -w
option is not valid 'if password aging is disabled.' AHA! So it CAN be
disabled. OK. Someone please tell me HOW. I have searched all on-line docs I
can find for keywords aging, disabled, even passwd, followed the 'see
alsos', and others, spent all day on it. Please reply so I can finish up
this document I am working on...

Ann

 
 
 

disable system-wide password aging

Post by scar_the_.. » Fri, 16 Jul 1999 04:00:00


I just modify the /etc/passwd and/or /etc/shadow on the machine in
question by hand.  You can write a small awk/shell program to do this.



Quote:> I just noticed in the Answerbook, under the passwd command that the -w
> option is not valid 'if password aging is disabled.' AHA! So it CAN be
> disabled. OK. Someone please tell me HOW. I have searched all on-line
docs I
> can find for keywords aging, disabled, even passwd, followed the 'see
> alsos', and others, spent all day on it. Please reply so I can finish
up
> this document I am working on...

> Ann

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
 
 
 

disable system-wide password aging

Post by Ann Barne » Fri, 16 Jul 1999 04:00:00


I'm closing in on it (this is kind of like raising kids; if they ask a
question, and you don't answer
right away, they figure it out themselves half the time!)

I also found where the passwd -x option (max expire), if set to -1, will
turn off aging for that user. That leads to these other questions:
1.  For an individual, can I do this by setting max to -1 in admintool also?

2. To turn it off system wide, would I set /etc/default/password
MAXWEEKS= -1 or simply remove the value for the aging-related lines
(MAXWEEKS=    or   MAXWEEKS= -1   )? or remove the ENTIRE line and all other
aging-related lines too?

The problem I seem to have with the man pages is the system default file; I
see a brief description at the end of passwd(1) but none of this detail; I'm
not sure if what applies to an individual will also work safely for the
system defaults..

TIA
Ann

 
 
 

disable system-wide password aging

Post by Ann Barne » Fri, 16 Jul 1999 04:00:00


I'd prefer a more inexperienced-user method for setting an individual user,
such as admintool. Does it allow -1 as an entry? I have no machine here to
try it out on. (Some kind fellow offered me a machine to play around on, but
after all the security put-downs and warnings I've been reading about on
these newsgroups, I don't have the guts to try it out; plus I think I need
an X server on my PC to use admintool, don't I; I've never really used X
before, just command lines.

And basically my question was about the system default file; for NO aging,
should it read:
MAXTRIES=-1
MAXTRIES=
or have no MAXTRIES line at all

or any/all of the above.

If you set MAXTRIES=-1 for a system or a user, will it simply ignore the
other values if they remain set as they were, or must they also be set
to -1/removed?

TIA

Ann