HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

411

412

413

414

415

416

417

418

419

420

security(4) security(4)

userdbset -d -u username login_time

INACTIVITY_MAXDAYS=0

Inactive accounts are not expired.

INACTIVITY_MAXDAYS=

N Inactive accounts are expired if there have been no

logins to the account for at least N days. N can be any positive integer.

Default value:

INACTIVITY_MAXDAYS=0

LOGIN_TIMES

This attribute restricts logins to speciﬁc time periods. Login time restrictions are

based on the system’s time zone. See the discussion of time zones in the Notes section.

This attribute does not apply to trusted systems. This attribute is supported for users

in all name server switch repositories, such as local, NIS and LDAP. This attribute is

enforced in the

pam_hpsec service module, and requires that the

pam_hpsec

module be conﬁgured in /etc/pam.conf

. See pam_hpsec(5). Other PAM service

modules in your conﬁguration may enforce additional restrictions. The system-wide

default deﬁned here may be overridden by deﬁning a per-user value in

/var/adm/userdb

(described in userdb(4)).

LOGIN_TIMES= timeperiod An account is locked if the current time is not within

the speciﬁed time period. The timeperiod consists of any number of day and time

ranges separated by colons. A user is allowed to access the system when the login

time is within any of the speciﬁed ranges. The days are speciﬁed by the following

abbreviations:

Su Mo Tu We Th Fr Sa Wk Any

Where Wk is all week days and Any is any day of the week.

A time range can be included after the day speciﬁcation. A time range is a 24-hour

time period, speciﬁed as hours and minutes separated by a hyphen. Each time must

be speciﬁed with 4 digits (HHMM-HHMM). Leading zeros are required. This time

range indicates the start and end time for the speciﬁed days. The start time must be

less than the end time. When no time range is speciﬁed, all times within the day(s)

are valid.

If the current time is within the range of any of the time ranges speciﬁed for a user,

the user is allowed to access the system.

Do not use 0000-0000 as a time range to prevent user access. For example,

Any:Fr0000-0000 cannot be used to disallow access on Fridays. Instead,

SuMo-

TuWeThSa

should be used. See the EXAMPLES section.

Default value: LOGIN_TIMES=Any

Can login any day of the week.

MIN_PASSWORD_LENGTH

This attribute controls the minimum length of new passwords. On trusted systems it

applies to all users. On standard systems it applies to non-root local users and to NIS

users. The system-wide default deﬁned here may be overridden by deﬁning per-user

values in /var/adm/userdb

(described in userdb(4)).

MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters.

For standard systems, N can be any value from 3 to 8. For trusted systems, N can be

any value from 6 to 80.

Default value:

MIN_PASSWORD_LENGTH=6

NOLOGIN

This attribute controls whether non-root login can be disabled by the

/etc/nologin ﬁle. Note that this attribute only applies to the applications that

use session management services provided by pam_hpsec as conﬁgured in

/etc/pam.conf , or those services that indirectly invoke login such as the tel-

netd

and rlogind commands. Other services may or may not choose to enforce

the /etc/nologin ﬁle.

NOLOGIN=0 Ignore the /etc/nologin ﬁle and do not exit if the

/etc/nologin ﬁle exists.

NOLOGIN=1 Display the contents of the /etc/nologin ﬁle and exit if the

/etc/nologin ﬁle exists.

414 Hewlett-Packard Company − 3 − HP-UX 11i Version 3: February 2007