modprpw.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

modprpw(1M) modprpw(1M)

(TO BE OBSOLETED)

NAME

modprpw - modify protected password database

SYNOPSIS

modprpw [-E|-V][

-l]

modprpw [-x][-l

] username

modprpw [-A|-e

|-v|-k][-m ﬁeld=value ,... ] [-l

] username

DESCRIPTION

modprpw updates the user’s protected password database settings. This command is available only to

the superuser in a trusted system.

Usage other than via SAM, and/or modiﬁcations out of sync with

/etc/passwd may result in serious

database corruption and the inability to access the system.

All updated values may be veriﬁed using the

getprpw command. See getprpw (1M).

modprpw uses the /etc/nsswitch.conf

conﬁguration ﬁle default if

-l is not speciﬁed. See

nsswitch.conf(4).

Options

modprpw sets user’s parameters as deﬁned by the options speciﬁed. At least one option is required. If a

ﬁeld is not speciﬁed in the option then its value remains unchanged in the database.

modprpw recognizes the following options:

-A To add a new user entry and to return a random password which the new user must use to login the

ﬁrst time. This entry has to be created with the given username and the -m

uid=value.

Error is returned if the user already exists.

May be combined with the

-l option.

Unlike the

useradd command, it does not create nor populate the home directory, and it does not

update /etc/passwd.

-E This option is speciﬁed WITHOUT a user name to expire all user’s passwords. It goes through the

protected password database and zeroes the successful change time of all users. The result is all

users will need to enter a new password at their next login.

May be combined with the

-l option.

-e This option is speciﬁed with a user name to expire the speciﬁed user’s password. It zeroes the suc-

cessful change time.

May be combined with the

-l and/or -m options.

-k To unlock/enable a user’s account that has become disabled, except when the lock is due to a missing

password or * password.

May be combined with the

-l and/or -m options.

-l This option modiﬁes data for a local user, username . This option must be speciﬁed with other

options.

-m field =value ,...

Modify the database ﬁeld to the speciﬁed value and/or resets locks. Valid with one of the following

options: -A, -e, -v, -k,or-l.

A list of database ﬁelds may be used with comma as a delimiter. An "invalid-opt" is printed, and

processing terminates, if a list of database ﬁelds passed to

-m contains an invalid database ﬁeld.

Boolean values are speciﬁed as YES, NO, or DFT for system default values

(

/tcb/files/auth/system/default). Numeric values are speciﬁed as positive numbers, 0,

or -1. If the value -1 is speciﬁed, the numeric value in the database is removed, allowing the system

default value to be used. Time values are speciﬁed in days, although the database keeps them in

seconds.

No aging is present if the following 4 database parameters are all zero:

u_minchg, u_exp,

u_life, u_pw_expire_warning.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
modprpw(1M) modprpw(1M) (TO BE OBSOLETED) NAME modprpw - modify protected password database SYNOPSIS modprpw [-E|-V] [-l] modprpw [-x] [-l] username modprpw [-A|-e|-v|-k] [-m field =value ,... ] [-l] username DESCRIPTION modprpw updates the user’s protected password database settings. This command is available only to the superuser in a trusted system.
PAGE 2
modprpw(1M) modprpw(1M) (TO BE OBSOLETED) Unless specified by n/a, all database fields can be set. They are listed below in the order shown in prot.h. The database fields are fully explained in prpwd (4). FIELD=VALUE DATABASE FIELD n/a database u_name. uid=value database u_id. Set the uid of the user. No sanity checking is done on this value. n/a database u_pwd. n/a database u_owner. bootpw=value database u_bootauth. Set boot authorization privilege, YES/NO/DFT.
PAGE 3
modprpw(1M) modprpw(1M) (TO BE OBSOLETED) nullpw=value database u_nullpw. Set whether null passwords are allowed, YES/NO/DFT. YES is not recommended! n/a database u_pwchanger. Obsolescent field. admnum=value database u_pw_admin_num. Obsoleted field. syschpw=value database u_genchars. Set whether system generates passwords having characters only, YES/NO/DFT. sysltpw=value database u_genletters. Set whether system generates passwords having letters only, YES/NO/DFT. timeod=value database u_tod.
PAGE 4
modprpw(1M) modprpw(1M) (TO BE OBSOLETED) 1 2 3 4 5 User not privileged. Incorrect usage. Can not find the entry or file. Can not change the entry. Not a Trusted System. EXAMPLES Set the Minimum time between password changes to 12 (days), set the System generates pronounceable password flag to NO, and set the System generates password having characters only flag to YES.