04-27-2012 04:06 AM
I'm configuring security parameters on some HP-UX v2 servers, and as per the client's request, they want to have dormant accounts disabled after some period of days. Through my research I came across the command "usermod -f 10 username", but this command is used on individual users, and they want to configure it like they have on their Sun Solaris boxes, whereby a script is written on the system that will bind any user that is created on the system. So can I have a script in HP-UX that I can put in a file that will disable dormant accounts after some period of time without using this command on the individual users?
05-10-2012 03:37 AM
If I understand you clearly, there is one security configuration that required me to change the system into trusted mode, which I did, so currently the system is in trusted mode. I hope I've given you the information you need.
05-10-2012 08:28 AM
In trusted mode, global default values for account aging parameters are stored in /tcb/files/auth/system/default.
The easiest way to modify the defaults would be to use SAM (Auditing and Security -> System Security Policies -> General User Account Policies -> Lock Inactive Accounts), but you also could use the /usr/lbin/modprdef command:
/usr/lbin/modprdef -m llog=10
See also: "man prpwd", "man security", "man modprpw", "man getprpw".
In trusted mode, each user can optionally have custom settings that override the system-wide defaults. Only root (or some user authorized to use Restricted SAM, or an RBAC-privileged user if you use RBAC) can configure those custom settings. For example, if the CEO (account: bigboss) requires a different aging time value, you could run:
/usr/lbin/modprpw -m llog=20 bigboss
Setting any modprpw attribute to "-1" means "use the system-wide defaults for this user".
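An added example, not part of the original posts or of HP's tooling: a POSIX shell audit that resolves each account's effective llog value and lists the accounts whose per-user override is longer than the system-wide default. It assumes one "user llog=N" line per account, with -1 meaning "use the default" as described above; the function names and the sample accounts (apart from bigboss) are constructed for illustration.

```shell
#!/bin/sh
# Audit per-user inactivity limits (llog) against the system-wide default.
# Input: one "user llog=N" line per account on stdin.
# Assumption: on a trusted-mode system these lines could be produced with
#   printf '%s %s\n' "$u" "$(/usr/lbin/getprpw -m llog "$u")"
# for each account name $u.

# Constructed sample data so the script runs offline.
sample_accounts() {
    printf '%s\n' \
        'alice llog=-1' \
        'bigboss llog=20' \
        'svc_backup llog=5' \
        'carol llog=-1'
}

# effective_llog DEFAULT
# Prints "user days source", where source is "default" or "override".
effective_llog() {
    default=$1
    while read -r user field; do
        if [ -z "$user" ]; then continue; fi
        case $field in
            llog=*) value=${field#llog=} ;;
            *)      echo "$user ? unparsed"; continue ;;
        esac
        if [ "$value" = "-1" ]; then
            echo "$user $default default"     # inherits the system-wide value
        else
            echo "$user $value override"      # custom per-user setting
        fi
    done
}

# weaker_than_default DEFAULT
# Prints "user days" for overrides that allow a longer dormant period.
weaker_than_default() {
    default=$1
    effective_llog "$default" | while read -r user days source; do
        if [ "$source" = "override" ] && [ "$days" -gt "$default" ] 2>/dev/null; then
            echo "$user $days"
        fi
    done
}

# Default of 10 days, matching "modprdef -m llog=10" in the answer.
sample_accounts | weaker_than_default 10
```

Each account this reports is an exception to the inactivity policy that should have a documented owner and reason.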