SUMMARY: Command line re-enabling of disabled user accounts under Tru64 V5.1

From: Williams, David J <David.J.Williams_at_au.faulding.com>
Date: Thu, 16 Nov 2000 17:28:46 +1030

Thanks to Colin Walters and Hoai Tran for responding.

Colin wrote:

        David,

        Take a look at the sysman_cli, which enables you to
        write scripts that use the Sysman Accounts utilities.

        There are sample scripts provided on the system,
        referenced in the sysman_cli.8 reference page.

        You should be able to use it to return and test
        any account attribute.

        Regards,

        Colin

        Colin Walters
        Compaq UNIX Business Segment - Tru64 UNIX Publications Group
        System Administration Documentation
        Nashua, NH USA Tel: 603-884-0440
        http:\\www.zk3.dec.com\~walters (firewalled)
        ONLINE DOCUMENTATION AT:
        http://www.unix.digital.com/faqs/publications/pub_page/doc_list.html
        See our new Best Practices

Hoai Tran wrote:

        Try this

        edauth -g username | sed 's/chkent:/u_lock_at_:chkent:/' | edauth -s

        Hope this helps

        Hoai

        HTran_at_freightcorp.com.au

----------------------------------------------------------------------------

----
What I ended up doing was addressing each of the three reasons in turn.
Using usermod and edauth I found I could modify each of the relevant authcap
database fields:
To fix reason 1, I deleted the u_numunsuclog(number of unsuccessful logins)
entry for username using edauth:
	/usr/sbin/edauth -g ${username}|sed
"s/:u_numunsuclog#[0-9]*//g"|edauth -s
To fix reason 2, I used usermod:
	/usr/sbin/usermod -x administrative_lock_applied=0 ${username}
To fix reason 3, I set the u_succhg(time of last successful password change)
value to the time now, using the C program current_time.c (see below):
	/usr/sbin/edauth -g ${username}|sed
"s/:u_succhg#[0-9]*/:u_succhg#`current_time`/g"|edauth -s 
current_time.c:
/*--------------------------------------------------------------------------
------*/
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
int main()
{
time_t mytime;
mytime = time(NULL);
printf("%ld\n",mytime);
}
/*--------------------------------------------------------------------------
------*/
Regards,
David
David J Williams
Technical Specialist
Information Services
F H Faulding & Co Limited
Tel: +61 8 8408 3450/ Fax: +61 8 8408 3500
mailto:david.j.williams_at_au.faulding.com
http:www.faulding.com
 
> -----Original Message-----
> From:	Williams, David J 
> Sent:	Wednesday, 15 November 2000 17:43
> To:	'tru64-unix-managers_at_ornl.gov'
> Subject:	Command line re-enabling of disabled user accounts under
> Tru64 V5.1
> 
> We have several account maintenance scripts that were written under Tru64
> V4.0F, to enable the UNIX account maintenance tasks to be distributed to
> our support group, and run without the GUI, dxaccounts.
> 
> The account re-enable script no longer works.
> 
> Accounts can become disabled if:
> 
> 1	The number of unsuccessful logins exceeds the max number of
> unsuccessful logins setting
> 
> 2	The system administrator locks the account
> 
> 3	The account lifetime is exceeded
> 
> Under V5.1, the /usr/sbin/usermod -x administrative_lock_applied=0
> username only re-enables an account that was locked by the
> administrator(reason 2 above).
> 
> This usermod command under V4.0F fixed reasons 1 and 2 and 3.
> 
> Does anyone know how else I can script an account re-enable?
> 
> Please respond to me directly and I will summarise.
> 
> TIA,
> 
> David
> 
> David J Williams
> Technical Specialist
> Information Services
> F H Faulding & Co Limited
> Tel: +61 8 8408 3450/ Fax: +61 8 8408 3500
> mailto:david.j.williams_at_au.faulding.com
> http:www.faulding.com
>  
> 

Received on Thu Nov 16 2000 - 07:00:47 NZDT