#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

 Copyright (c) 2001 by Sun Microsystems, Inc.
 All rights reserved.

 ident "%Z%%M% %I% %E% SMI"


From ALT 2600 FAQ:

A-06. What are those weird characters after the comma in my passwd file?

The characters are password aging data. Password aging forces the
user to change passwords after a system administrator-specified period
of time. Password aging can also force a user to keep a password for
a certain number of weeks before changing it.

]
] Sample entry from /etc/passwd with password aging installed:
]
] voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash
]

Note the comma in the encrypted password field. The characters after
the comma are used by the password aging mechanism.

]
] Password aging characters from above example:
]
] M.z8
]

The four characters are interpreted as follows:

    1: Maximum number of weeks a password can be used without changing.
    2: Minimum number of weeks a password must be used before changing.
3 & 4: Last time password was changed, in number of weeks since 1970.

JV: 3 & 4 are in (low,high), where the number of weeks is (low+high*64).


Three special cases should be noted:

If the first and second characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. The
passwd program will then remove the passwd aging characters, and the
user will not be subjected to password aging requirements again.

If the third and fourth characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. Password
aging will then occur as defined by the first and second characters.

If the first character (MAX) is less than the second character (MIN),
the user is not allowed to change his/her password. Only root can
change that user's password.

It should also be noted that the su command does not check the password
aging data. An account with an expired password can be su'd to
without being forced to change the password.


                           Password Aging Codes
+------------------------------------------------------------------------+
|                                                                        |
| Character:  .  /  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  G  H |
|    Number:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 |
|                                                                        |
| Character:  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  a  b |
|    Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
|                                                                        |
| Character:  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v |
|    Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
|                                                                        |
| Character:  w  x  y  z                                                 |
|    Number: 60 61 62 63                                                 |
|                                                                        |
+------------------------------------------------------------------------+
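
Added example (not part of the original README or of the passwd source):
a Python decoder for the four aging characters, applying the code table
and the three special cases above to the FAQ's sample entry and to
constructed entries. The names decode_aging and audit, the status
strings, and the expiry comparison (current week greater than last
change plus MAX) are assumptions of this example.

```python
from datetime import date, timedelta

# Radix-64 alphabet from the "Password Aging Codes" table: '.'=0 ... 'z'=63
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EPOCH = date(1970, 1, 1)

def decode_aging(pw_field, today=None):
    """Decode the aging data after the comma; None if the field has none."""
    _, comma, aging = pw_field.partition(",")
    if not comma:
        return None
    if len(aging) != 4 or any(c not in ALPHABET for c in aging):
        raise ValueError(f"malformed aging data: {aging!r}")
    max_w, min_w, low, high = (ALPHABET.index(c) for c in aging)
    last_week = low + high * 64                 # (low, high) per JV's note
    now_week = ((today or date.today()) - EPOCH).days // 7
    if aging[:2] == "..":                       # special case 1
        status = "force-change-then-aging-removed"
    elif aging[2:] == "..":                     # special case 2
        status = "force-change"
    elif max_w < min_w:                         # special case 3
        status = "only-root-can-change"
    elif now_week > last_week + max_w:          # assumed expiry comparison
        status = "expired"
    else:
        status = "ok"
    return {"max_weeks": max_w, "min_weeks": min_w,
            "last_changed": EPOCH + timedelta(weeks=last_week),
            "status": status}

def audit(passwd_text, today=None):
    """Map each login name to its decoded aging data (None = no aging)."""
    report = {}
    for line in passwd_text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, pw_field = line.split(":")[:2]
            report[name] = decode_aging(pw_field, today)
    return report

# First line is the FAQ's sample entry; the other three are constructed.
SAMPLE = """\
voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash
newhire:CONSTRUCTEDHA,..z8:9407:12:Constructed:/home/newhire:/bin/sh
kiosk:CONSTRUCTEDHA,2Az8:9408:12:Constructed:/home/kiosk:/bin/sh
plain:CONSTRUCTEDHA:9409:12:Constructed:/home/plain:/bin/sh
"""

if __name__ == "__main__":
    for user, info in audit(SAMPLE, today=date(1983, 7, 1)).items():
        print(user, info)
```

Because su does not check aging data, an account this reports as
expired should still be treated as reachable through su.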