Mark McWilliams <mark@nospam.com> wrote:
MM> "Steven Langdale" <steven.langdale@toyland.demon.co.uk> wrote in message
MM> news:0squtvkvt9k4dajj09c0lfpgm2ugjkfl3d@4ax.com...
>> On 16 Dec 2003 19:30:43 GMT, Nicholas Dronen <ndronen@io.frii.com>
>> wrote:
>>
>> >MM> So I can just edit this file and save it and all of the user
MM> settings
>> >MM> will change?
>> >
>> >Please don't top-post. See my response at the bottom, where it
>> >belongs.
>> >
>> >MM> "Steven Langdale" <steven.langdale@toyland.demon.co.uk> wrote in
MM> message
>> >MM> news:1m8ktvsar05tqk86foq5o1rkdigts87aq2@4ax.com...
>> >>> On Tue, 9 Dec 2003 13:54:24 -0600, "Mark McWilliams" <mark@nospam.com>
>> >>> wrote:
>> >>>
>> >>> >I want to change (increase) the length of the Password MIN LENGTH and
MM> was
>> >>> >wondering if their was a command to change all of my users with the
MM> new
>> >>> >setting instead of going into SMIT for each user account. If their
MM> is
>> >MM> such
>> >>> >a command, what if a current user would have a password setup below
MM> the
>> >MM> new
>> >>> >Password MIN LENGTH setting? What would happen? Would the system
MM> ask
>> >MM> them
>> >>> >to change their password the next time they try to log in or would it
>> >MM> wait
>> >>> >until the next time the password needs to be reset?
>> >>> >
>> >>> >Any help would be great....
>> >
>> >>> Do you know that each individual user has got their MINLEN set?
>> >>> Unless you specify it upon user creation the default will be used.
>> >>> Verify this by looking in /etc/security/user (I think - off the top of
>> >>> my head). If it's not that file, it's one of them in /etc/security.
>> >>>
>> >>> If they are all using the default (all the stuff in the "default:"
>> >>> stanza at the top), you can change this.
>> >>>
>> >>> The change will not force a password change on next login, but will be
>> >>> applied when their password expires.
>> >
>> >See the script I already posted. If you have a large number of
>> >users, it would be wasteful to edit any file in /etc/security
>> >manually. (Some would argue that commands like chuser and pwdadm
>> >exist simply to prevent administrators from mucking up the files
>> >by editing them by hand. But that's another story.)
>> >
>> >Regards,
>> >
>> >Nicholas
>>
>> All
>>
>> The point I was trying to make was that if the system is relying on
>> the default stanza setting, there is no need to make a new entry in
>> each user stanza. If you did, you would always have to make mass
>> changes like this. This could be resolved by editing one value in one
>> line.
>>
>> I agree entirely with the general rule to use the commands to update
>> these files, but this could be such a simple change, and difficult to
>> muck up. As an aside, can the standard utililities modify the default
>> stanza? I've never tried.
>>
>> Nicholas, Sorry I also sent a reply to your email address, pressed
>> wrong button 
MM> Steve and Nicholas,
MM> I didn't know that the top-post was some kind of etiquette thing
MM> within newsgroups. Now I know....
Some would disagree that it's important, but if a thread gets
many replies, it remains readable if the responses are made
inline and, just as one reads English, from top to bottom. (See
the tpfaq.html link below.)
MM> I only have about 60 users in my system and yes each user has a minlen
MM> value. Can I just vi this file (/etc/security/user) and substitute this
MM> line with the value that I want it to be and save it? It would probably be
MM> best to do this after hours I guess!!!!
I missed what Steve was getting at regarding the default. What
you can do is change the minlen field in the default stanza.
After that, if you want the setting to take effect immediately,
just run the pwdadm command I posted previously for all
accounts.
Regards,
Nicholas
--
"Why shouldn't I top-post?"
http://www.aglami.com/tpfaq.html
"Meanings are another story."
http://www.ifas.org/wa/glossolalia.html