Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
41424344454647484950
Use the following commands to enable, verify, and disable shadow passwords:
The pwconv command creates a shadow password file and copies the encrypted
passwords from the /etc/passwd file to the /etc/shadow file.
The pwck command checks the /etc/passwd and /etc/shadow files for
inconsistencies.
The pwunconv command copies the encryped passwords and aging information
from the /etc/shadow file to the /etc/passwd file and then deletes the /etc/
shadow file.
For more information, see pwconv(1M), pwck(1M), pwunconv(1M) and shadow(4).
Note the following points about the shadow password feature.
When the shadow password feature is enabled, applications can be affected if they
directly access the password field of the /etc/passwd file to obtain password and
aging information. That field will now contain an x, indicating that the information
is in /etc/shadow.
Applications that use the PAM interfaces to authenticate, are not effected.
To access the /etc/shadow file programmatically, use the getspent calls. These
calls are similar to the getpwent calls for /etc/passwd. For more information,
see getspent(3C) and getpwent(3C).
In the /etc/nsswitch.conf file, shadow passwords are supported with files,
NIS, and LDAP name services, but they may not be supported with other name
server switch backends. To configure the system to use only files, NIS, and/or
LDAP, ensure that the passwd line in /etc/nsswitch.conf contains only files,
NIS, and/or LDAP. If /etc/nsswitch.conf does not exist, or if the passwd
line is not present, then the default is files only. For more information, see
nsswitch.conf(4).
The shadow password is based on the de facto standard provided with other UNIX
systems.
The following attributes, defined in /etc/default/security, apply to shadow
passwords. See Section 2.5 and consult the security(4) manpage for more information.
INACTIVITY_MAXDAYS—Number of days before expiring an account for inactivity.
PASSWORD_MINDAYS—Minimum number of days before a password can be
changed.
PASSWORD_MAXDAYS—Maximum number of days that passwords are valid.
PASSWORD_WARNDAYS—Number of days before warning users of password
expiration.
Shadow passwords are supported with Serviceguard.
44 Administering User and System Security