Sidebar 4: Man Page for modprpw

NOTE. This is an undocumented command and not supported for direct use by end users.

The documentation below has been gathered from multiple sources, inferred or developed empirically. No warranty is provided for its accuracy, completeness or use.

NAME

modprpw - modify a user's protected database

USAGE

modprpw [-A][-E|V][-e|v][-k][-w][-x] [-m opt=value[,opt=value]] logonid

modprpw updates the user Protected Database options with the values specified. It is the users responsibility to validate all options and values before execution.

Any fields not specified remain unchanged in the database.

OPTIONS

-A Add a new user. Requires -m uid=value and returns the admin number the user must use as a password to login the first time. Logonid must not already exist and can not be used with -k, -w or -x options.

-E Expire all passwords by removing the last successful login time from all users. All users will need to enter new passwords at next login. Loginid or any other options are not valid with this option.

-e Expire the password of a specific logonid.

-k Unlock or re-enable a specific logonid.

-m Modify option specified below. If an invalid option is provided, "invalid-opt" will be displayed and processing terminated. -m options are valid only with -A (add new user) or -k (unlock user).

Boolean values are specified as YES, NO or DFT (default). The value=-1 indicates that the value in the database is to be removed, and the system default value used.

Options:

uid=value logonid's uid

bootpw=YES/NO boot authorization flag

audid=value audit id

audflg=value audit flag

mintm=value minimum days allowed between password changes

exptm=value password expiration time in days

lftm=value password lifetime in days

acctexp=value account expiration in calendar date format

llog=value maximum time allowed between logins in days

expwarn=value password expiration warning time in days

usrpick=YES/NO/DFT user allowed to pick passwords

nullpw=YES/NO/DFT null passwords allowed (NOTRECOMMENDED!)

maxpwln=value maximum password length allowed

rstrpw=YES/NO/DFT restricted passwords - checked for triviality

syspnpw=YES/NO/DFT system generates pronounceable passwords

syschpw=YES/NO/DFT system generates character only passwords

sysltpw=YES/NO/DFT system generates letter only passwords

admnum=value administrative number assigned

timeod=value time of day allowed for login

umaxlntr=value maximum number of unsuccessful logins allowed

alock=YES/NO/DFT administrative lock

The format of the timeod value is:

key0Starttime-Endtime,key1Starttime-Endtime,...

keynStarttime-Endtime

key has the value:

Mo - Monday

Tu - Tuesday

We - Wednesday

Th - Thursday

Fr - Friday

Sa - Saturday

Su - Sunday

Any - all days

Wk - Monday - Friday

Starttime and Endtime are hhmm 24 hour format times wherehh = 00 - 23, and mm = 00 - 59

-V Start password aging for all users by setting the last successful login time to the curent time. No logonid or other arguments are allowed.

-w Change the logonid's encrypted password. Not valid with any other option.

Use:

-w encrypted_password

-x Remove user's password and return an admin number the user must logon with and pick a new password. Not valid with any other option.

RETURN VALUES

0 success

1 user not privileged

2 incorrect use

3 protected database not found for logonid

4 can not change entry