AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only

  • 1.  minlen Question for all existing users

    Posted Wed March 20, 2013 09:59 AM

    Originally posted by: SystemAdmin


    I just want to make sure I understand the minlen setting on AIX. I inherited a server that is several years old running AIX 5.3. First is there any way to set all existing users to have their password set with a minlen of 8 without updating every single user? I suspect I have to change it for each individual user, this server has several hundred users that need to have their password minlen increased. Secondly, when this is changed for a user, does it enforce the rule the next time they reset their passwords or does it immediately force them to change their password on next login?

    Thanks in advance.


  • 2.  Re: minlen Question for all existing users

    Posted Wed March 20, 2013 12:46 PM

    Originally posted by: alethad


    I would recommend looking at the pwdadm command along with a couple of the other commands used for changing user's passwords. But you are going to have to write scripts to be able to do this for multiple users. I don't know a way around that unless someone else might.

    How many users have a greater than 8 minlen? 8 is the default unless you are on AIX5.3TL7 or later which did allow you to set it longer.

    Also test this first thoroughly before putting it out into your production system.
    Good Luck.

    You've got to continue to grow, or you're just like last night's cornbread -- stale & dry Loretta Lynn alethad


  • 3.  Re: minlen Question for all existing users

    Posted Wed March 20, 2013 02:20 PM

    Originally posted by: SystemAdmin


    Actually all the users, hundreds had a minlen of 6 and we wanted to change it to 8. I used a Perl one liner to change just the minlen = 6 line to minlen = 8 on the /etc/security/users file for each user. After backing it up of course. This looks as if it worked.. Before I made my own one command to change all the users to minlen = 8 I wanted to find out if AIX had someway to do it for me. I thought perhaps there was something in smitty, but this was just as easy. Thanks for the reply.


  • 4.  Re: minlen Question for all existing users

    Posted Wed March 20, 2013 02:51 PM

    Originally posted by: alethad


    Yeah nothing in smitty for blanket changes on that many users at one time. You have to script it.

    Glad it worked out for you.

    You've got to continue to grow, or you're just like last night's cornbread -- stale & dry Loretta Lynn alethad


  • 5.  Re: minlen Question for all existing users

    Posted Wed March 20, 2013 04:54 PM

    Originally posted by: ColombianJoker


    Hello, AIX uses the values for the default stanza in configuration files whenever an user have not their own values. If you remove minlen=x from an user stanza, then it will use the value from default for these users.

    Try
    grep -p USERNAME: /etc/security/user
    It will show the attributes for user USERNAME
    Use
    lsuser -a minlen USERNAME
    To get the value AIX is using for that user
    Then try
    chsec -f /etc/security/user -s USERNAME -a minlen=
    for some user USERNAME and it will remove that value
    Try
    lsuser -a minlen USERNAME
    and it will show you the value is using, from the default stanza.


  • 6.  Re: minlen Question for all existing users

    Posted Wed March 20, 2013 04:56 PM

    Originally posted by: ColombianJoker


    You can automate:
    for USER in $(lsuser -a ALL)
    do
    chsec -f /etc/security/user -s $USER -a minlen=
    done

    And it will remove the minlen attribute for each user

    You will need to use usrck and pwdck after these changes to be sure all users are forced to change their passwords to some valid value.


Related Content