<div dir="ltr">Thank you for the reply.<br><br>I was wondering about using some of the utilities provided by HP-UX in /usr/lbin, i.e. modprpw and getprpw, in Perl to do the following:<br>1 - Get the expiry date with the following command:<br>
/usr/lbin/getprpw -m spwchg userid<br>which will return a string as follows:<br> userid = Tue Aug 19 08:27:50 2008<br>My intention is to get this date, convert it to epoch, get the current epoch date, and get the difference. If the difference is more than 83 days, then the script issues a warning screen.<br>
<br>2 - If a user account is disabled, then enable it with<br>modprpw -x userid<br>and reset the password using<br>modprpw -x userid<br><br>As for LDAP, I am doing a quick tutorial, but it is mostly theory. So if you can, please give me a reference to a web site that shows a step-by-step procedure to do password synch on a trusted system.<br>
<br>Also, I need to know if LDAP is able to synch the password with Windows login.<br><br>Thank you again for the reply.<br><br><div class="gmail_quote">On Sat, Aug 30, 2008 at 7:46 PM, Rodrigo Barcellos <span dir="ltr">&lt;<a href="mailto:rbarc77@yahoo.com">rbarc77@yahoo.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello Ibrahim,<br>
<br>
Not sure if someone got back to you. Sounds like you want something exactly like LDAP. If you implement LDAP for your Unix servers, the password for all accounts will be synchronized - you change it on any box, it propagates it to all (because it syncs it at the LDAP server, the other servers are like an LDAP client). And that ID will expire on the same day, for all boxes.<br>
<br>
Depending on the LDAP implementation you use, there's one caveat, which doesn't tell you upfront that the password will expire. But that's easy to fix, you can have a Perl script that runs on the global profile, which can launch an LDAP query command to check if you're about to expire and display a message accordingly.<br>
<br>
If you still want to have your passwords managed locally, it's doable, but way more painful and not secure. Basically, after a user enters a password and it gets crypted by HP-UX at /tcb/files/auth/r/root, you can capture that string with Perl and replicate it across all the servers through scp, but you need the scp command to be run by another ID, exclusive to sync it to all servers (if you do the sync as root directly, you are opening root access to all servers without authentication, once you gain root access on one server). This other ID would leave the crypt password string on some directory, on all servers, and you can have a local cronjob (owned by root) that picks it up on every server and sets the password for that account accordingly. And then deletes that file left by the ID used to sync it everywhere.<br>
<br>
Cheers,<br>
<br>
Rodrigo<br>
<br>
<br>
--- On Wed, 8/27/08, Ibrahim Amin &lt;<a href="mailto:ibrayem@gmail.com">ibrayem@gmail.com</a>&gt; wrote:<br>
<br>
> From: Ibrahim Amin &lt;<a href="mailto:ibrayem@gmail.com">ibrayem@gmail.com</a>&gt;<br>
> Subject: [tpm] changing password for multiple accounts<br>
> To: <a href="mailto:toronto-pm@pm.org">toronto-pm@pm.org</a><br>
> Date: Wednesday, August 27, 2008, 5:19 PM<br>
<div><div></div><div class="Wj3C7c">> Hello,<br>
> I am looking for a secure and easy way for enabling users<br>
> to change the<br>
> password of his account before it expires.<br>
><br>
> We use HP-UX and some users have multiple logins in the form<br>
> of xxlogin,<br>
> where xx is a two-character prefix and login is the user login.<br>
><br>
> 1 - I am looking for a way in which I can synchronize all<br>
> the account<br>
> expiration dates.<br>
> 2 - If a user changes the password for one of his accounts,<br>
> that change also<br>
> affects those accounts belonging to the same user.<br>
><br>
> I hope this can be done by Perl.<br>
><br>
> Thank you<br>
> --<br>
> Yours truly,<br>
> Ibrahim Amin<br>
</div></div>> _______________________________________________<br>
> toronto-pm mailing list<br>
> <a href="mailto:toronto-pm@pm.org">toronto-pm@pm.org</a><br>
> <a href="http://mail.pm.org/mailman/listinfo/toronto-pm" target="_blank">http://mail.pm.org/mailman/listinfo/toronto-pm</a><br>
<br>
<br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>Yours truly,<br>Ibrahim Amin<br>
</div>
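The check described in step 1 of the message above, as an added Perl example that is not part of the original thread: it parses the line format quoted there, converts it to epoch with Time::Local, and compares the age against the 83-day threshold. The sub names and the user-id pattern are assumptions, the sample line is constructed, and getprpw is run without a shell so that a hostile user id cannot inject commands into a script that runs with privileges.

```perl
use strict;
use warnings;
use Time::Local qw(timelocal);

my $GETPRPW  = '/usr/lbin/getprpw';   # path as given in the message
my $MAX_DAYS = 83;                    # threshold as given in the message
my @names = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my %MON   = map { $names[$_] => $_ } 0 .. $#names;

# Parse "userid = Tue Aug 19 08:27:50 2008" (format quoted in the message).
# Returns epoch seconds (local time), or undef for anything else.
sub parse_date_line {
    my ($line) = @_;
    return unless defined $line;
    my ($mon, $mday, $h, $m, $s, $year) = $line =~
        /=\s*\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)\s+(\d{4})\s*$/
        or return;
    return unless exists $MON{$mon};
    return scalar eval { timelocal($s, $m, $h, $mday, $MON{$mon}, $year) };
}

# Whole days elapsed between two epoch values.
sub age_days { my ($then, $now) = @_; return int(($now - $then) / 86400) }

# Run getprpw through list-form open (no shell), after validating the id.
# The allowed-character pattern is an assumption; tighten it to local policy.
sub getprpw_line {
    my ($user) = @_;
    die "bad user id\n" unless $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/;
    open(my $fh, '-|', $GETPRPW, '-m', 'spwchg', $user)
        or die "cannot run $GETPRPW: $!\n";
    my $line = <$fh>;
    close $fh;
    return $line;
}

# Constructed sample line, used when no user id is given or getprpw is absent.
my $sample = "userid = Tue Aug 19 08:27:50 2008\n";
my $user   = shift @ARGV;
my $line   = (defined $user && -x $GETPRPW) ? getprpw_line($user) : $sample;

my $then = parse_date_line($line);
die "unexpected getprpw output\n" unless defined $then;
my $age = age_days($then, time);
my $msg = $age > $MAX_DAYS
    ? "WARNING: date from getprpw is $age days old (limit $MAX_DAYS)\n"
    : "OK: date from getprpw is $age days old\n";
print $msg;
```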