HP-UX Reference (11i v1 05/09) - 1M System Administration Commands A-M (vol 3)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

521

522

523

524

525

526

527

528

529

530

modprpw(1M) modprpw(1M)

NAME

modprpw - modify protected password database

SYNOPSIS

modprpw [-E|-V][-l

|-n [domain]]

modprpw [-x][-l|

-n [domain]] username

modprpw [-A|-e|-v|

-k][-m ﬁeld=value,... ] [-l|-n [domain]] username

DESCRIPTION

modprpw updates the user’s protected password database settings. This command is available only to the

superuser in a trusted system.

Usage other than via SAM, and/or modiﬁcations out of sync with

/etc/passwd or NIS+ tables, may

result in serious database corruption and the inability to access the system.

All updated values may be veriﬁed using getprpw(1M).

The database contains information for both local and NIS+ users. However, some NIS+ information is kept

on the master. Since a user may be both local and NIS+,

modprpw uses the nsswitch.conf(4) default if nei-

ther

-l nor -n are speciﬁed.

Options

modprpw sets user’s parameters as deﬁned by the options speciﬁed. At least one option is required. If a

ﬁeld is not speciﬁed in the option then its value remains unchanged in the database.

modprpw recognizes the following options...

-A To add a new user entry and to return a random password which the new user must use to login the

ﬁrst time. This entry has to be created with the given username and the -m

uid=value.

Error is returned if the user already exists.

May be combined with one of the

-l or -n options. It also adds entries to the NIS+ tables, if

-n is

speciﬁed.

Unlike useradd(1M), it does not create nor populate the home directory, and it does not update

/etc/passwd .

-E This option is speciﬁed WITHOUT a user name to expire all user’s passwords. It goes through the

protected password database and zeroes the successful change time of all users. The result is all users

will need to enter a new password at their next login.

May be combined with one of -l or -n options.

-e This option is speciﬁed with a user name to expire the speciﬁed user’s password. It zeroes the success-

ful change time.

May be combined with options -l, -m, -n.

-k To unlock/enable a user’s account that has become disabled, except when the lock is due to a missing

password or * password.

May be combined with options -l, -m, -n.

-l This option speciﬁes to modify data for a local user. It cannot be speciﬁed with the -n option. This

option must be speciﬁed with other options.

-m Modify the database ﬁeld to the speciﬁed value and/or resets locks. Valid with one of -A, -e, -v,

-k

options; and one of -l, -n options.

A list of database ﬁelds may be used with comma as a delimiter. An "invalid-opt" is printed, and pro-

cessing terminates, if a list of database ﬁelds passed to -m contains an invalid database ﬁeld.

Boolean values are speciﬁed as YES, NO, or DFT for system default values

(/tcb/files/auth/system/default). Numeric values are speciﬁed as positive numbers, 0,

or -1. If the value -1 is speciﬁed, the numeric value in the database is removed, allowing the system

default value to be used. Time values are speciﬁed in days, although the database keeps them in

seconds.

No aging is present if the following 4 database parameters are all zero:

u_minchg, u_exp,

u_life, u_pw_expire_warning.

HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 1M−−503