Connexion  

   

En ligne  

Nous avons 77 invités et aucun membre en ligne

   

Annexes  

   
   

Note utilisateur: 0 / 5

Etoiles inactivesEtoiles inactivesEtoiles inactivesEtoiles inactivesEtoiles inactives
 

La commande 'pwdadm' permet de gérer les mots de passe des utilisateurs

Par exemple, la commande 'pwdadm -c username' permet d'effacer les différents drapeaux positionnés pour l'utilisateur 'username'.

 

La syntaxe officielle de la version 7.1 est donnée ci-dessous :

 

pwdadm Command

Purpose

       Administers users' passwords.

Syntax

       pwdadm [ -R load_module] [ -f Flags | -q | -c ] User

Description

       The pwdadm command administers users' passwords. The root user or a member of the security group can supply or change the password of the user

       specified by the User parameter. The invoker of the command must provide a password when queried before being allowed to change the other

       user's password. When the command executes, it sets the ADMCHG attribute. This forces the user to change the password the next time a su

       command is given for the user.

       Note: The behavior described for this command is for a local user. For users defined in a remote domain, attributes will be retrieved and

       stored in the remote domain rather than in the local files.

       Root users and members of the security group should not change their personal password with this command. The ADMCHG attribute would require

       them to change their password again the next time a login command or an su command is given for the user. Only the root user or a user with

       PasswdAdmin authorization can change password information for administrative users, who have the admin attribute set to true in the

       /etc/security/user file.

       Only the root user, a member of the security group, or a user with PasswdManage authorization can supply or change the password of the user

       specified by the User parameter.

       When this command is executed, the password field for the user in the /etc/passwd file is set to ! (exclamation point), indicating that an

       encrypted version of the password is in the /etc/security/passwd file. The ADMCHG attribute is set when the root user or a member of the

       security group changes a user's password with the pwdadm command.

       A new password must be defined according to the rules in the /etc/security/user file, unless the -f NOCHECK flag is included. Only 7-bit

       characters are supported in passwords. By including the -f flag with the pwdadm command, the root user or a member of the security group can

       set attributes that change the password rules. If there is no password entry in the /etc/security/passwd file when the -f flag is used, the

       password field in the /etc/passwd file is set to ! (exclamation point) and an * (asterisk) appears in the password= field to indicate that no

       password has been set.

       The -q flag permits the root user or members of the security group to query password information. Only the status of the lastupdate attribute

       and the flags attribute appear. The encrypted password remains hidden.

       The -c flag clears all password flags for the user.

Flags

       Item

           Description

       -c

           Clears all password flags for the user.

       -f Flags

           Specifies the flags attribute of a password. The Flags variable must be from the following list of comma-separated attributes:

             NOCHECK

                   Signifies that new passwords need not follow the guidelines established in the /etc/security/user file for password composition.

             ADMIN

                   Specifies that password information may be changed only by the root user. Only the root user can enable or disable this attribute.

             ADMCHG

                  Resets the ADMCHG attribute without changing the user's password. This forces the user to change passwords the next time a login

                   command or an su command is given for the user. The attribute is cleared when the user specified by the User parameter resets the

                   password.

       -q

           Queries the status of the password. The values of the lastupdate attribute and the flags attribute appear.

       -R load_module

           Specifies the loadable I&A module that is used to change the user's attributes.

Security

       Access Control: Only the root user and members of the security group should have execute (x) access to this command. The command should have

      the trusted computing base attribute and be setuid to the root user to have write (w) access to the /etc/passwd file, the /etc/security/passwd

       file, and other user database files.

       Files Accessed:

       Mode

           File

       rw

          /etc/passwd

       rw

           /etc/security/passwd

       r

           /etc/security/user

       Auditing Events:

       Event

           Information

       PASSWORD_Change

           user

       PASSWORD_Flags

           user, flags

       Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged

       operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges

       and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

       1   To set a password for user susan, a member of the security group enters:

           pwdadm susan

           When prompted, the user who invoked the command is prompted for a password before Susan's password can be changed.

       2   To query the password status for user susan, a member of the security group enters:

           pwdadm -q susan

           This command displays values for the lastupdate attribute and the flags attribute. The following example shows what appears when the

           NOCHECK and ADMCHG flags attributes are in effect:

           susan:

                    lastupdate=

                   flags= NOCHECK,ADMCHG

Files

       Item

           Description

       /usr/bin/pwdadm

           Contains the pwdadm command.

       /etc/security/passwd

           Contains password information.

       html

 

   
© ALLROUNDER