README.SunOS-aging
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

Copyright (c) 2001 by Sun Microsystems, Inc.
All rights reserved.

ident "%Z%%M% %I% %E% SMI"

From ALT 2600 FAQ:

A-06. What are those weird characters after the comma in my passwd file?

The characters are password aging data.  Password aging forces the
user to change passwords after a system administrator-specified period
of time.  Password aging can also force a user to keep a password for
a certain number of weeks before changing it.

]
] Sample entry from /etc/passwd with password aging installed:
]
] voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash
]

Note the comma in the encrypted password field.  The characters after
the comma are used by the password aging mechanism.

]
] Password aging characters from above example:
]
] M.z8
]

The four characters are interpreted as follows:

    1: Maximum number of weeks a password can be used without changing.
    2: Minimum number of weeks a password must be used before changing.
3 & 4: Last time password was changed, in number of weeks since 1970.

JV: 3 & 4 are in (low,high), where the number of weeks is (low+high*64).

Three special cases should be noted:

If the first and second characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in.  The
passwd program will then remove the passwd aging characters, and the
user will not be subjected to password aging requirements again.

If the third and fourth characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in.  Password
aging will then occur as defined by the first and second characters.

If the first character (MAX) is less than the second character (MIN),
the user is not allowed to change his/her password.  Only root can
change that user's password.

It should also be noted that the su command does not check the password
aging data.  An account with an expired password can be su'd to
without being forced to change the password.

                           Password Aging Codes
+------------------------------------------------------------------------+
|                                                                        |
| Character:  .  /  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  G  H |
|    Number:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 |
|                                                                        |
| Character:  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  a  b |
|    Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
|                                                                        |
| Character:  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v |
|    Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
|                                                                        |
| Character:  w  x  y  z                                                 |
|    Number: 60 61 62 63                                                 |
|                                                                        |
+------------------------------------------------------------------------+
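
Added example (not part of the original README or the FAQ): a Python
decoder for the four aging characters that applies the code table, the
(low+high*64) rule and the three special cases described above.  The
function and flag names are this example's own, every sample line except
voyager's is constructed, and the EXPIRED test (more than MAX weeks since
the last change) is this example's assumption.

```python
from datetime import date, timedelta

# Code alphabet from the "Password Aging Codes" table: '.' = 0 ... 'z' = 63.
CODES = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EPOCH = date(1970, 1, 1)

# First line is the README's sample entry; the others are constructed here.
SAMPLE_LINES = [
    "voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash",
    "alice:xxxxxxxxxxx,....:9407:12:Constructed:/home/alice:/bin/sh",
    "bob:xxxxxxxxxxx,M/..:9408:12:Constructed:/home/bob:/bin/sh",
    "carol:xxxxxxxxxxx,/Mz8:9409:12:Constructed:/home/carol:/bin/sh",
    "dave:xxxxxxxxxxx:9410:12:Constructed:/home/dave:/bin/sh",
]


def decode_aging(passwd_line, today):
    """Decode the aging suffix of one /etc/passwd line; None if it has none."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields")
    _, comma, aging = fields[1].partition(",")
    if not comma:
        return None
    if len(aging) != 4 or any(c not in CODES for c in aging):
        raise ValueError("aging data must be 4 characters from the code table")
    max_w, min_w, low, high = (CODES.index(c) for c in aging)
    last_week = low + high * 64            # (low, high) rule from the JV note
    this_week = (today - EPOCH).days // 7  # whole weeks since 1970
    flags = []
    if aging[:2] == "..":                  # special case 1: aging is removed
        flags.append("FORCE_CHANGE_THEN_NO_AGING")
    elif aging[2:] == "..":                # special case 2: aging continues
        flags.append("FORCE_CHANGE")
    if max_w < min_w:                      # special case 3: only root can change
        flags.append("ROOT_ONLY_CHANGE")
    elif not flags and this_week > last_week + max_w:
        flags.append("EXPIRED")            # assumed test; su does not check it
    return {"user": fields[0], "max_weeks": max_w, "min_weeks": min_w,
            "last_changed": EPOCH + timedelta(weeks=last_week), "flags": flags}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode_aging(line, date(2001, 1, 1)))
```

Accounts flagged EXPIRED or ROOT_ONLY_CHANGE are the ones to review first,
since su does not check the aging data.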