Re: Key expiration (94 Views)
Reply
Advisor
Orlando De Oliveira R
Posts: 49
Registered: ‎01-17-2001
Message 1 of 6 (94 Views)

Key expiration

Hi,

As I can control that the key of the users expires?
Some file of UX 11.0 control this parameter of key expiration?

Thanks,

Orlando
Orlando Oliveira
Honored Contributor
Thomas Bianco
Posts: 734
Registered: ‎06-10-2001
Message 2 of 6 (94 Views)

Re: Key expiration

perhaps you could be a bit more specific?

i assume you're speaking of a asymetric cryptographic key pair. is this PGP/GPG, SSH?

in general, cryptographic keys expire because of an expiration date stored in the key pair itself. expired keys are still mathmatically valid, but most programs will not honor them. (think "Expired ID" not "Expired milk")
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 3 of 6 (94 Views)

Re: Key expiration

If you exchanged public ssh keys, they do not to my knowledge and experience expire.

I've got keys at least a year old still working.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Advisor
Orlando De Oliveira R
Posts: 49
Registered: ‎01-17-2001
Message 4 of 6 (94 Views)

Re: Key expiration

Hello,

To what I refer it is to the final user's of applications password. Is it possible that this password expires?.

I need that every so often it is requested the user the change of password in an automatic way.

Thank you,

Orlando
Orlando Oliveira
Honored Contributor
John Poff
Posts: 2,448
Registered: ‎05-22-2001
Message 5 of 6 (94 Views)

Re: Key expiration

Hi,

Take a look at the 'passwd' command. You can set the maxiumum number of days that a password can remain unchanged, the number of days prior to expiration that the user will be warned about the password, and the minimum number of days between password changes. You can set this from the command line or from SAM.

JP
Honored Contributor
Andrew Cowan
Posts: 710
Registered: ‎02-27-2001
Message 6 of 6 (94 Views)

Re: Key expiration

SEP's right, the only way that SSH/PKI keys expire is when they are wrapped in an X.509 certificate, and then its the certificate itself that provides the lifetime data.

If you want SSH keys that expire you could consider using Kerberos tickets as your keys. That way an expirey is automatically built in.

Good luck,
Andrew
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.