Mass Changing Password MIN LENGTH

#11 (**permalink**) 01-04-2008, 10:12 PM

"Mark McWilliams" <mark@nospam.com> wrote in message
news:vu0u3bpsgna218@corp.supernews.com...
>
> "Steven Langdale" <steven.langdale@toyland.demon.co.uk> wrote in message
> news:fv1vtvkn98s91111qb0sr0tj4gbf578n9e@4ax.com...
> > On 16 Dec 2003 22:08:24 GMT, Nicholas Dronen <ndronen@io.frii.com>
> > wrote:
> >
> > >Mark McWilliams <mark@nospam.com> wrote:
> > >
> > >MM> "Steven Langdale" <steven.langdale@toyland.demon.co.uk> wrote in
> message
> > >MM> news:0squtvkvt9k4dajj09c0lfpgm2ugjkfl3d@4ax.com...
> > >>> On 16 Dec 2003 19:30:43 GMT, Nicholas Dronen <ndronen@io.frii.com>
> > >>> wrote:
> > >>>
> > >>> >MM> So I can just edit this file and save it and all of the
> user
> > >MM> settings
> > >>> >MM> will change?
> > >>> >
> > >>> >Please don't top-post. See my response at the bottom, where it
> > >>> >belongs.
> > >>> >
> > >>> >MM> "Steven Langdale" <steven.langdale@toyland.demon.co.uk> wrote
in
> > >MM> message
> > >>> >MM> news:1m8ktvsar05tqk86foq5o1rkdigts87aq2@4ax.com...
> > >>> >>> On Tue, 9 Dec 2003 13:54:24 -0600, "Mark McWilliams"
> <mark@nospam.com>
> > >>> >>> wrote:
> > >>> >>>
> > >>> >>> >I want to change (increase) the length of the Password MIN
LENGTH
> and
> > >MM> was
> > >>> >>> >wondering if their was a command to change all of my users with
> the
> > >MM> new
> > >>> >>> >setting instead of going into SMIT for each user account. If
> their
> > >MM> is
> > >>> >MM> such
> > >>> >>> >a command, what if a current user would have a password setup
> below
> > >MM> the
> > >>> >MM> new
> > >>> >>> >Password MIN LENGTH setting? What would happen? Would the
> system
> > >MM> ask
> > >>> >MM> them
> > >>> >>> >to change their password the next time they try to log in or
> would it
> > >>> >MM> wait
> > >>> >>> >until the next time the password needs to be reset?
> > >>> >>> >
> > >>> >>> >Any help would be great....
> > >>> >
> > >>> >>> Do you know that each individual user has got their MINLEN set?
> > >>> >>> Unless you specify it upon user creation the default will be
used.
> > >>> >>> Verify this by looking in /etc/security/user (I think - off the
> top of
> > >>> >>> my head). If it's not that file, it's one of them in
> /etc/security.
> > >>> >>>
> > >>> >>> If they are all using the default (all the stuff in the
"default:"
> > >>> >>> stanza at the top), you can change this.
> > >>> >>>
> > >>> >>> The change will not force a password change on next login, but
> will be
> > >>> >>> applied when their password expires.
> > >>> >
> > >>> >See the script I already posted. If you have a large number of
> > >>> >users, it would be wasteful to edit any file in /etc/security
> > >>> >manually. (Some would argue that commands like chuser and pwdadm
> > >>> >exist simply to prevent administrators from mucking up the files
> > >>> >by editing them by hand. But that's another story.)
> > >>> >
> > >>> >Regards,
> > >>> >
> > >>> >Nicholas
> > >>>
> > >>> All
> > >>>
> > >>> The point I was trying to make was that if the system is relying on
> > >>> the default stanza setting, there is no need to make a new entry in
> > >>> each user stanza. If you did, you would always have to make mass
> > >>> changes like this. This could be resolved by editing one value in
one
> > >>> line.
> > >>>
> > >>> I agree entirely with the general rule to use the commands to update
> > >>> these files, but this could be such a simple change, and difficult
to
> > >>> muck up. As an aside, can the standard utililities modify the
default
> > >>> stanza? I've never tried.
> > >>>
> > >>> Nicholas, Sorry I also sent a reply to your email address, pressed
> > >>> wrong button

> > >
> > >MM> Steve and Nicholas,
> > >
> > >MM> I didn't know that the top-post was some kind of etiquette
> thing
> > >MM> within newsgroups. Now I know....
> > >
> > >Some would disagree that it's important, but if a thread gets
> > >many replies, it remains readable if the responses are made
> > >inline and, just as one reads English, from top to bottom. (See
> > >the tpfaq.html link below.)
> > >
> > >MM> I only have about 60 users in my system and yes each user has a
> minlen
> > >MM> value. Can I just vi this file (/etc/security/user) and substitute
> this
> > >MM> line with the value that I want it to be and save it? It would
> probably be
> > >MM> best to do this after hours I guess!!!!
> > >
> > >I missed what Steve was getting at regarding the default. What
> > >you can do is change the minlen field in the default stanza.
> > >After that, if you want the setting to take effect immediately,
> > >just run the pwdadm command I posted previously for all
> > >accounts.
> > >
> > >Regards,
> > >
> > >Nicholas
> >
> > You have a coupe of choices here:
> >
> > 1. As you have MINLEN settings in each user stanza, you could use the
> > script that Nicholas provided to update them all. I'd also update the
> > one in the default stanza and not bother specifying one for all
> > subsequently created users.
> >
> > 2. You could update the one in the default stanza and remove the ones
> > from all the other user stanzas. As number 1, don't bother specifying
> > one for all subsequently created users so they just use the default.
> >
> > Personally I'd go for option 2, it will leave the system in a nice
> > clean state with only one place where MINLEN is specified, much easier
> > for subequent changes.
> >
> > If you also want to force a password change to enforce the MINLEN
> > immediately, use the script but just have it perform the pwdadm bit.
> >
> > I have done this in the past, and it worked without a hitch, but the
> > choice is yours.
> >
> > Good Luck
> >
> > Steven
> >
>
> Thanks guys.....I'm going to try this tomorrow night and I'll let you know
> how it goes.
>
> Mark
>
>

Gentelman,

I vi'd the file /etc/security/user last night and just did a find and
replace on minlen = X and saved the file. I went into SMIT and confirmed
the changes. Thanks for pointing me in the right direction.

Happy holidays.....

Mark

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode