modprpw(1M)
NAME
modprpw - modify protected password database
SYNOPSIS
username
value,... ] username
DESCRIPTION
modprpw updates the user's protected password database settings. This command
is available only to the superuser in a trusted system.
Usage other than via SAM, and/or modifications out of sync with may
result in serious database corruption and the inability to access the
system.
All updated values may be verified using the getprpw command. See getprpw(1M).
modprpw uses the configuration file default if is not specified. See
nsswitch.conf(4).
Options
modprpw sets user's parameters as defined by the options specified. At least
one option is required. If a field is not specified in the option then
its value remains unchanged in the database.
modprpw recognizes the following options:
To add a new user entry and to return a random password
which the new user must use to login the first time. This entry
has to be created with the given username and the
Error is returned if the user already exists.
May be combined with the option.
Unlike the command, it does not create nor populate the home
directory, and it does not update
This option is specified WITHOUT a user name to expire
all user's passwords. It goes through the protected password
database and zeroes the successful change time of all users. The
result is all users will need to enter a new password at their
next login.
May be combined with the option.
This option is specified with a user name to expire
the specified user's password. It zeroes the successful change
time.
May be combined with the and/or options.
To unlock/enable a user's account that has become disabled,
except when the lock is due to a missing password or * password.
May be combined with the and/or options.
This option modifies data for a local user,
username. This option must be specified with other options.
Modify the database field to the specified value
and/or resets locks. Valid with one of the following options: or
A list of database fields may be used with comma as a delimiter.
An "invalid-opt" is printed, and processing terminates, if a list
of database fields passed to contains an invalid database field.
Boolean values are specified as YES, NO, or DFT for system default
values. Numeric values are specified as positive numbers, 0, or -1.
If the -1 is specified, the numeric value in the database is
removed, allowing the system default value to be used. Time values
are specified in days, although the database keeps them in
seconds.
No aging is present if the following 4 database parameters are all
zero:
Unless specified by all database fields can be set. They are
listed below in the order shown in The database fields are fully
explained in prpwd(4).
DATABASE FIELD
database
database
Set the uid of the user. No sanity checking
is done on this value.
database
database
database
Set boot authorization privilege, removes it
from the user file.
database
Set audit id. Automatically limited not to
exceed the next available id.
database
Set audit flag.
database
Set the minimum time interval between password
changes (days). 0 = none. Same as non-trusted
mode minimum time.
database
Set the maximum password length for system
generated passwords.
database
Set password expiration time interval (days).
0 = not expired. Same as non-trusted mode
maximum time.
database
Set password life time interval (days). 0 =
infinite.
database
Modified by options maybe
database
database
Set account expiration time interval (days).
This interval is added to "now" to form the
value in the database (database 0 = no expiration).
database
Set the last login time interval (days). Used
with
database
Set password expiration warning time interval
(days). 0 = none.
database Obsoleted field.
database
Set whether User Picks Password,
database
Set whether system generates pronounceable
passwords,
database
Set if generated password is restricted, If
password will be checked for triviality.
database
Set whether null passwords are allowed, is not
recommended!
database Obsolescent field.
database Obsoleted field.
database
Set whether system generates passwords having
characters only,
database
Set whether system generates passwords having
letters only,
database
Set the time-of-day allowed for login.
The format is:
Where key has the following values:
- Monday
- Tuesday
- Wednesday
- Thursday
- Friday
- Saturday
- Sunday
- everyday
- Monday -> Friday
and Starttime and Endtime are in military
format: HHMM, where:
00 <= HH <= 23, and 00 <= MM <= 59.
database
database
database
database
database
database
Set Maximum Unsuccessful Login tries allowed.
0 = infinite.
database
Set the administrator lock,
This option is specified WITHOUT a user name to
"validate/refresh" all user's passwords. It goes through the
protected password database and sets the successful change time to
the current time for all users. The result is that all user's
password aging restarts at the current time.
May be combined with the option.
This option is specified with a user name to
"validate/refresh" the specified user's password. It sets the
successful change time to the current time.
May be combined with the and/or options.
Delete the user's password and return a random password that
the user must later supply to the login process to login and pick
a new password. Not valid for root. Also resets locks.
May be combined with the option.
RETURN VALUE
0 Success.
1 User not privileged.
2 Incorrect usage.
3 Can not find the entry or file.
4 Can not change the entry.
5 Not a Trusted System.
EXAMPLES
Set the Minimum time between password changes to 12 (days), set the
System generates pronounceable password flag to NO, and set the System
generates password having characters only flag to YES.
The following example is to restrict the times that user joeblow can
get on the system on Mondays and Fridays to 5PM-9PM, and Sundays from
5AM-9AM. Other days are not restricted.
WARNINGS
This command is intended for SAM use only. It may change with each
release and can not be guaranteed to be backward compatible.
Several database fields interact with others. Side effects may not be
apparent until much later.
Special meanings may apply in the following cases:
· an absent field,
· a field without a value,
· a field with a zero value.
Very little, if any, checking is done to see if values are valid. It is
the user's responsibility to range check values.
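The range check this warning leaves to the administrator, as an added example (not part of the HP manual page): a POSIX sh pre-flight test for one field=value argument, applying the YES/NO/DFT, positive/0/-1 and HHMM rules stated under Options. The field names (mintm, syspnpw, timeod, ...), the day keys (Mo ... Su, Any, Wk) and the key-then-Starttime-Endtime entry layout did not survive on this page and are assumptions; the sample arguments are constructed.

```shell
# Added example: range-check one field=value argument before it reaches modprpw.
# Field names, day keys and the <key><HHMM>-<HHMM> entry layout are assumptions.

# Boolean values: YES, NO, or DFT (system default).
is_bool() { case $1 in YES|NO|DFT) return 0 ;; esac; return 1; }

# Numeric values: a positive number, 0, or -1 (remove value, use system default).
is_num() { case $1 in -1) return 0 ;; ''|*[!0-9]*) return 1 ;; esac; return 0; }

# Military time HHMM with 00 <= HH <= 23 and 00 <= MM <= 59.
is_hhmm() { case $1 in [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) return 0 ;; esac; return 1; }

# Comma-separated time-of-day entries, e.g. Mo1700-2100,Su0500-0900.
check_timeod() {
    rest=$1
    while :; do
        entry=${rest%%,*}
        key=${entry%????-????}              # strip the trailing HHMM-HHMM
        [ "$key" != "$entry" ] || return 1  # nothing stripped: malformed entry
        case $key in Mo|Tu|We|Th|Fr|Sa|Su|Any|Wk) ;; *) return 1 ;; esac
        times=${entry#"$key"}
        is_hhmm "${times%-*}" && is_hhmm "${times#*-}" || return 1
        case $rest in
            *,*) rest=${rest#*,} ;;         # more entries follow
            *) return 0 ;;                  # last entry was valid
        esac
    done
}

# check_field name=value -> 0 acceptable, 1 bad value, 2 field not in the table.
check_field() {
    name=${1%%=*}; value=${1#*=}
    case $name in
        mintm|exptm|lftm|expwarn|umaxlntr) is_num "$value" ;;
        syspnpw|syschpw|nullpw) is_bool "$value" ;;
        timeod) check_timeod "$value" ;;
        *) return 2 ;;                      # refuse rather than guess a type
    esac
}

# Constructed sample arguments; the last one has an out-of-range hour.
for arg in mintm=12 syspnpw=NO timeod=Mo1700-2100,Fr1700-2100 timeod=Mo2500-2100; do
    if check_field "$arg"; then echo "ok      $arg"; else echo "REJECT  $arg"; fi
done
```

Only arguments that pass would be handed on to modprpw; an unknown field returns 2 so the caller can stop instead of writing an unchecked value.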
HP-UX 11i Version 3 is the last release to support trusted systems
functionality.
FILES
System Password file
Protected Password Database
System Defaults Database
AUTHOR
modprpw was developed by HP.
SEE ALSO
getprpw(1M), prpwd(4), nsswitch.conf(4).
TO BE OBSOLETED modprpw(1M)