Thursday, June 11, 2015

How to Determine if an HP-UX Account is Locked

/usr/lbin/getprpw -l <account>
/usr/lbin/modprpw -k <account>

You need to know whether accounts are locked.
The system may be a "trusted" system, which means that it has higher security
enabled.
On a non-trusted system, the /etc/passwd file contains the information:
man passwd:
-s name Display some password attributes associated with the
specified name. Superuser privilege and non-trusted
mode is required if the files repository is specified.
The format of the display will be:
name status mm/dd/yy min max warn

or, if password aging information is not present
(e.g. that information is held in the tcb directories)
name status
where status means: PS = passworded; LK = locked; and NP = no password.
passwd -s -a:
PS = passworded; LK = locked; and NP = no password
On a trusted system, the /tcb directory structure holds the lock information:
man getprpw:
lockout returns the reason for a lockout as a "bit"-valued string, where 0 = condition not present and 1 = condition present.

The positions, left to right, represent:
1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
(If the user is NOT locked, all bits will be 0)

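getprpw:
# Print each account name followed by its lockout bits and admin-lock flag.
for USER in `awk -F: '{print $1}' /etc/passwd`
do
    # Pass the name as an argument, not as the printf format string.
    printf '%s ' "$USER"
    /usr/lbin/getprpw -m lockout,alock "$USER"
done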
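
The lockout string is easier to read once each position is turned back into its reason. The script below is an added example, not part of the original post: decode_lockout and report_locks are hypothetical names, the reason texts are the seven positions listed above, and it assumes that "getprpw -m lockout <account>" prints "lockout=" followed by the seven bits.

```shell
#!/bin/sh
# Added example (not from the original post): decode the getprpw lockout string.
# Bit positions 1-7 are the ones listed above, read left to right.

decode_lockout() {
    bits=${1##*=}     # accept "lockout=0001000" or the bare "0001000"
    case $bits in
        [01][01][01][01][01][01][01]) ;;
        *) echo "invalid"; return 1 ;;   # not a 7-position bit string
    esac
    reasons=""
    pos=1
    for label in \
        "past password lifetime" \
        "past last login time (inactive account)" \
        "past absolute account lifetime" \
        "exceeded unsuccessful login attempts" \
        "password required and a null password" \
        "admin lock" \
        "password is a *"
    do
        rest=${bits#?}           # everything after the first character
        first=${bits%"$rest"}    # the first character on its own
        bits=$rest
        if [ "$first" = 1 ]; then
            reasons="${reasons:+$reasons; }$pos $label"
        fi
        pos=$((pos + 1))
    done
    echo "${reasons:-not locked}"
}

# Assumption: "getprpw -m lockout <account>" prints "lockout=<7 bits>" on a trusted system.
report_locks() {
    for user in $(awk -F: '{print $1}' /etc/passwd)
    do
        printf '%s: ' "$user"
        decode_lockout "$(/usr/lbin/getprpw -m lockout "$user" 2>/dev/null)"
    done
}

# Run the report only where getprpw exists (HP-UX); elsewhere just define the functions.
if [ -x /usr/lbin/getprpw ]; then
    report_locks
fi
```

An account for which getprpw returns nothing (for example on a non-trusted system) is reported as "invalid" rather than as unlocked.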

Bryan Payne on Linkedin  https://www.linkedin.com/in/paynebryan