Re: Password expiration in Solaris

From: Darren J Moffat (Darren.Moffat_at_Sun.COM)
Date: 09/29/03


Date: Mon, 29 Sep 2003 09:31:18 -0700 (PDT)
To: Paul Greene <techlists@comcast.net>

On Fri, 26 Sep 2003, Paul Greene wrote:

> There appears to be two different ways to apply password expiration in
> Solaris; one is the parameters set in /etc/shadow (through admintool or
> command line), and the other is the password parameters set in
> /etc/default/passwd.

The values in /etc/default/passwd are the defaults to be applied to
accounts that have no aging information on the next password change
(including the first setting of the password on a new account).

The values in /etc/shadow are the per user values.

> Which one takes precedence if both are configured?

If there are already entries in /etc/shadow for the account those values are
preserved. If there are no entries AND /etc/default/passwd has values for
MINWEEKS, MAXWEEKS, WARNWEEKS then those are added to the entry in /etc/shadow
when that users password is changed, they witll take effect from that
moment onwards.

--
Darren J Moffat


Relevant Pages

  • Re: Windows 2000 Quota Problem
    ... few abandoned/orphaned entries on a Dell NAS that is part of Active ... the account information is unavailable. ... In my case I had attempted to delete a quota entry. ... I took ownership of the files, ...
    (microsoft.public.win2000.general)
  • Re: Exchange 2003/AD issue
    ... their account is deleted. ... There was a SMTP communication problem with the recipient's email ... I cannot find where these entries are coming from. ... I've dumped the entire Domain Users container in the AD to see if ...
    (microsoft.public.windows.server.active_directory)
  • RE: cannot log on to user account following password change
    ... please paste them in the newsgroup. ... cannot log on to user account following password change ...
    (microsoft.public.windows.server.sbs)
  • Exchange 2003/AD issue
    ... their account is deleted. ... There was a SMTP communication problem with the recipient's email ... I cannot find where these entries are coming from. ... I've dumped the entire Domain Users container in the AD to see if ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD/AM VSS Error
    ... an abortive ADAM install on the system? ... safe you should probably backup the registry key before modifying it. ... > I believe the AD/AM installation created these registry entries so I'm ... The account specified ...
    (microsoft.public.windows.server.active_directory)