README.SunOS-aging revision 7c478bd95313f5f23a4c958a745db2134aa03244
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# CDDL HEADER START
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# The contents of this file are subject to the terms of the
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# Common Development and Distribution License, Version 1.0 only
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# (the "License"). You may not use this file except in compliance
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# with the License.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# See the License for the specific language governing permissions
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# and limitations under the License.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# When distributing Covered Code, include this CDDL HEADER in each
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# If applicable, add the following below this CDDL HEADER, with the
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# fields enclosed by brackets "[]" replaced with your own identifying
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# information: Portions Copyright [yyyy] [name of copyright owner]
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo# CDDL HEADER END
f0ca1d9a12d54d304791bc74525e2010ca924726sb Copyright (c) 2001 by Sun Microsystems, Inc.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo All rights reserved.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo ident "%Z%%M% %I% %E% SMI"
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoFrom ALT 2600 FAQ:
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoA-06. What are those weird characters after the comma in my passwd file?
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoThe characters are password aging data. Password aging forces the
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppouser to change passwords after a system administrator-specified period
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoof time. Password aging can also force a user to keep a password for
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoa certain number of weeks before changing it.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo] Sample entry from /etc/passwd with password aging installed:
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo] voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoNote the comma in the encrypted password field. The characters after
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppothe comma are used by the password aging mechanism.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo] Password aging characters from above example:
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoThe four characters are interpreted as follows:
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo 1: Maximum number of weeks a password can be used without changing.
ba2e4443695ee6a6f420a35cd4fc3d3346d22932seb 2: Minimum number of weeks a password must be used before changing.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo3& 4: Last time password was changed, in number of weeks since 1970.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoJV: 3 & 4 are in (low,high), where the number of weeks is (low+high*64).
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoThree special cases should be noted:
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoIf the first and second characters are set to '..' the user will be
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoforced to change his/her passwd the next time he/she logs in. The
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppopasswd program will then remove the passwd aging characters, and the
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppouser will not be subjected to password aging requirements again.
d10e4ef2fabf16c3237c6d6592496df3eac6a1efnarayanIf the third and fourth characters are set to '..' the user will be
19b65a69adc64b3289ccb2fc32b805782e3f4540sbforced to change his/her passwd the next time he/she logs in. Password
06db247c678f0e3956535e8a6dec31d6c2108827raghuramaging will then occur as defined by the first and second characters.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoIf the first character (MAX) is less than the second character (MIN),
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppothe user is not allowed to change his/her password. Only root can
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppochange that users password.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoIt should also be noted that the su command does not check the password
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppoaging data. An account with an expired password can be su'd to
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppowithout being forced to change the password.
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo Password Aging Codes
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo+------------------------------------------------------------------------+
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo| Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H |
1ae0874509b6811fdde1dfd46f0d93fd09867a3fheppo| Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
19b65a69adc64b3289ccb2fc32b805782e3f4540sb| Character: I J K L M N O P Q R S T U V W X Y Z a b |
c1c61f44e88f4c8c155272ee56d868043146096asb| Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
c1c61f44e88f4c8c155272ee56d868043146096asb| Character: c d e f g h i j k l m n o p q r s t u v |
c1c61f44e88f4c8c155272ee56d868043146096asb| Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
c1c61f44e88f4c8c155272ee56d868043146096asb| Character: w x y z |
f0ca1d9a12d54d304791bc74525e2010ca924726sb| Number: 60 61 62 63 |
34683adecebe88ca2c857e28be4749f3a083f9fcsg+------------------------------------------------------------------------+