Hello,
We just switched recently to C2-security enhanced on GS140 running DU4.0 E.
As we don't want password aging, we put :u_exp#0:u_life#0: in default
database.
Since that, we are unable to issue a 'su - user' or 'su user', though direct
login on that user is still possible.
Example:
aster2.ulb.ac.be_at_mfdevil >su - unixcsh
Password has expired.
Setting a new password for it cannot be done from here.
aster2.ulb.ac.be_at_mfdevil >edauth -g -dd
default:\
:d_name=default:d_pw_expire_warning#3456000:d_pw_site_callout=/tcb/bin/pwpolicy
:d_boot_authenticate_at_:\
:d_secclass=c2:\
:\
:u_pwd=*:u_cmdpriv=boot,ping,printerstat,tape:u_syspriv=execsuid,chmodsugid:\
:u_basepriv=execsuid,chmodsugid:\
:u_minchg#0:u_minlen#6:u_maxlen#8:u_exp#0:\
:u_life#0:u_pickpw:u_genpwd:u_restrict_at_:\
:u_nullpw_at_:u_pwdepth#5:u_genchars:u_genletters:\
:u_maxtries#5:u_lock:\
:t_maxtries#10:t_logdelay#2:\
:\
::d_audit_enable_at_:u_auditcntl#0:u_auditdisp=:u_unlockint#86400:t_unlockint#8640
0::chkent:
aster2.ulb.ac.be_at_mfdevil >edauth -g -dp unixcsh
unixcsh:u_name=unixcsh:u_id#140:u_pwd=9C4YFiT9qfIqI:u_succhg#0:\
:u_oldcrypt#2:u_lock_at_:chkent:
Thanks,
Marie-Francoise
================================================
Marie-Francoise Devillers-Thiry - System .
Brussels Free Universities Computer Center (ULB)- CP 197.
50,Av. F.D. Roosevelt, B-1050 Brussels, BELGIUM.
Email : MF.Devillers_at_ulb.ac.be Tel : ++32 2 6503728 Fax : ++32 2 6503740
Received on Fri Mar 12 1999 - 13:27:13 NZDT