From: Willis Gregory (wgregory@cox.net)
Date: Mon Nov 13 2006 - 20:48:43 EST
In September, I converted an old 10.20 legacy system to trusted mode for a
customer and tried to patch it from old archives. We need to keep it
running another 6-12 months.
PROBLEM 1
During the trusted conversion, I set password expiration time to 60 and
password expiration to 7. This past weekend, all of the passwords expired;
however, there was no advance warning message received by anyone.
During the conversion, I removed sendmail from /sbin/rc2.d since the system
does not send or receive mail with other systems.
Would this have caused the problem?
Does sendmail have to be running to receive password expiration warnings?
PROBLEM 2
Terminal security policies were set during conversion to a max of 15
unsuccessful login tries. We naturally then had a workstation where the
user tried 15 times to login and failed, then moved to another workstation
without advising anyone.
Is there a way to run a daily script outside sam that will enable a system
administrator to determine all terminals that have been inactivated?
I thought there may be a way using /usr/lbin/getprterm; however, I cannot
find any documentation on this command. There does not appear to be a way
to grep /tcb/files/ttys for such a value.
PROBLEM 3
Is there a way to run a daily script outside sam that will identify all
user accounts that have been inactivated due to failed logins?
I found some documentation on getprpw; however, it appears you have to
supply the name of an individual user each time it is run.
Thanks.
Willis Gregory
wgregory@cox.net
-- ---> Please post QUESTIONS and SUMMARIES only!! <--- To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only) http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:54 EDT