Know how to remove password expiry in HPUX trusted system. This is helpful in setting app accounts that need non-expiry passwords to run.
Requirement
Every account on the system has a password expiry period defined. Password expiry period means after that period (defined in days) account owner should change the account’s password. Some applications/users are required to have the same password for a longer duration. This requires them to exit from the system-wide password expiry policy. So that those accounts can run a lifetime without the need for changing their passwords.
Also read: How to remove password expiry in Linux
How to do it
Firstly check current set values for the account using getprpw.
# /usr/lbin/getprpw username
uid=114, bootpw=NO, audid=67, audflg=1, mintm=90, maxpwln=-1, exptm=90, lftm=90,, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeulogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000
We are modifying the below parameters for an account in order to achieve our goal.
exptm: Password expiration timeexpwarn: Password expiration warning timelftm: Password lifetimemintm: Time between password changes
All the above parameters are always defined in days. Setting them to -1 disables that password aging rule for a specified account. All the above parameters can be individually tweaked like below.
/usr/lbin/modprpw -l -m exptm=-1 username
/usr/lbin/modprpw -l -m expwarn=-1 username
/usr/lbin/modprpw -l -m lftm=-1 username
/usr/lbin/modprpw -l -m mintm=-1 username
They even can be tweaked in a single command like on below :
/usr/lbin/modprpw -l -m mintm=-1,exptm=-1,expwarn=-1,lftm=-1 username
Here -l switch makes changes to the local account only. It is advised to use -l switch with all the above options per the man page of modprpw.
Now see values newly set in the account. You can notice values are tweaked to -1 now.
# /usr/lbin/getprpw username
uid=114, bootpw=NO, audid=67, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1,T, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timculogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000