Xref: utzoo comp.unix.admin:151 comp.unix.shell:221
Newsgroups: comp.unix.admin,comp.unix.shell
Path: utzoo!telly!eci386!woods
From: woods@eci386.uucp (Greg A. Woods)
Subject: Re: Logging a User Off
Message-ID: <1990Sep18.221912.17253@eci386.uucp>
Reply-To: woods@eci386.UUCP (Greg A. Woods)
Organization: Elegant Communications Inc.
References: <1990Sep11.173008.274@mccc.uucp> <544@fciva.FRANKLIN.COM> <1990Sep15.002036.17056@mccc.uucp>
Date: Tue, 18 Sep 90 22:19:12 GMT

In article <1990Sep15.002036.17056@mccc.uucp> pjh@mccc.edu (Pete Holsberg) writes:
> In article <544@fciva.FRANKLIN.COM> dag@fciva.UUCP (Daniel A. Graifer) writes:
> =Most of the responses I've seen have concentrated on bombing out a login.  In
> =fact, at some point, AT&T added a mechanism to do exactly what you want.  My
> =version of AT&T unix (Prime Sys V 3.1 r2) permits 'aging' of passwds (which
> =are actually stored in the /etc/shadow file).
> 
> 	Unfortunately, AT&T SVR3.1.2 doesn't have shadow passwords,
> 	and login thinks that ",.." in the password field of /etc/passwd
> 	is a password!

Don't get confused here by the abundance of information!  :-) The
"aging" feature was added sometime around SysVr3.0 or even 2.2.
Shadow passwords are 3.2 or so, and a little bit different kettle of
fish.  ",.." in the second (password) field of /etc/passwd certainly
worked on my AT&T 3B2/400 running SysVr3.1v2 (at least before the
lightning fried it a couple of weeks ago....).

> =I see you are on a SV machine, so you should check the passwd(1M) entry for
> =the -s (status), -l (lock), -x (expire days), -n(minimum days), and -f (force
> =change at next login) options.  
> 
> 	I am, but your SV is better than my SV!  I do not have passwd(1M).

It should be in the Administrator's Reference Manual, which if you
don't have a copy of, you should.  However, I can't check my 3.1
manuals today, since they are at home.  Meanwhile, I note the 3.0/386
manuals do not mention anything specific, nor does SVID-vol.1 or 2.
However, I've just checked our little AT&T 3b1, (SysVr2.2 derivative),
and it supports full password aging.  Certainly this 386 does as well,
regardless of what the manual says.

AT&T has a habit of adding features, but not documenting them for
several releases, if ever.  Perhaps password aging is a compile time
option in older login's and passwd's, thus it is up to the vendor to
turn it on.  Another infamous example of this is /etc/issue.
-- 
						Greg A. Woods

woods@{eci386,gate,robohack,ontmoh,tmsoft}.UUCP
+1-416-443-1734 [h]  +1-416-595-5425 [w]    VE3-TCP	Toronto, Ontario CANADA