Posts: 31
Registered: ‎11-10-2009
Message 1 of 4 (393 Views)
Accepted Solution


Hi guys,

               Im configuring security parameters on some hpux v2 servers and as per the client request, they want to have dormant account disabled after some period of days and through my research i came across this command "usermod –f 10 username" but this command is usded on individual users but they want to configure it like they have on their Sun Solaris boxes where by a script is been writen on the system that will bind any user that is created on the system. So can i have a script in hpux that i can put in a file that will disable dormant account after some period of time without using this command on the individual users ??

Acclaimed Contributor
Posts: 25,692
Registered: ‎03-06-2006
Message 2 of 4 (366 Views)


Is this system with default, enhanced or trusted security?

Posts: 31
Registered: ‎11-10-2009
Message 3 of 4 (355 Views)


hio boss,

                 if i may understand you clearly there is one security configuration that require me changing the system into trusted mode which i deed so curently the system is in a trusted mode.hope ive given you the information you need.

Honored Contributor
Posts: 6,271
Registered: ‎12-02-2001
Message 4 of 4 (344 Views)


In trusted mode, global default values for account aging parameters are stored in /tcb/files/auth/system/default.

The easiest way to modify the defaults would be to use SAM (Auditing and Security -> System Security Policies -> General User Account Policies -> Lock Inactive Accounts), but you also could use the /usr/lbin/modprdef command:

/usr/lbin/modprdef -m llog=10

 See also: "man prpwd", "man security", "man modprpw", "man getprpw".


In trusted mode, each user can optionally have custom settings that override the system-wide defaults. Only root (or some user authorized to use Restricted SAM, or a RBAC-privileged user if you use RBAC) can configure those custom settings. For example, if the CEO (account: bigboss) requires a different aging time value, you could run:

/usr/lbin/modprpw -m llog=20 bigboss

Setting any modprpw attribute to "-1" means "use the system-wide defaults for this user".


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.