# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]

Copyright (c) 2001 by Sun Microsystems, Inc.

ident "%Z%%M% %I% %E% SMI"

A-06. What are those weird characters after the comma in my passwd file?

The characters are password aging data. Password aging forces the
user to change passwords after a system administrator-specified period
of time. Password aging can also force a user to keep a password for
a certain number of weeks before changing it.

] Sample entry from /etc/passwd with password aging installed:
]
] voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash

Note the comma in the encrypted password field. The characters after
the comma are used by the password aging mechanism.

] Password aging characters from above example:
]
] M.z8

The four characters are interpreted as follows:

  1: Maximum number of weeks a password can be used without changing.
  2: Minimum number of weeks a password must be used before changing.
3 & 4: Last time password was changed, in number of weeks since 1970.

JV: 3 & 4 are in (low,high), where the number of weeks is (low+high*64).

Three special cases should be noted:

If the first and second characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. The
passwd program will then remove the passwd aging characters, and the
user will not be subjected to password aging requirements again.

If the third and fourth characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. Password
aging will then occur as defined by the first and second characters.

If the first character (MAX) is less than the second character (MIN),
the user is not allowed to change his/her password. Only root can
change that user's password.

It should also be noted that the su command does not check the password
aging data. An account with an expired password can be su'd to
without being forced to change the password.

+------------------------------------------------------------------------+
| Character:  .  /  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  G  H |
| Number:     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 |
|                                                                        |
| Character:  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  a  b |
| Number:    20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
|                                                                        |
| Character:  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v |
| Number:    40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
|                                                                        |
| Character:  w  x  y  z                                                 |
| Number:    60 61 62 63                                                 |
+------------------------------------------------------------------------+
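
The decoding rules and character table above, applied to the sample
entry, as an added example that is not part of the original FAQ. It
assumes the aging field is exactly four characters, as described here,
and treats a password as expired once the current week number exceeds
the last-change week plus MAX; the alice, bob and carol entries and the
decode_aging name are constructed for illustration.

```python
from datetime import date, timedelta

# Alphabet from the table above: '.', '/', 0-9, A-Z, a-z encode 0..63.
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EPOCH = date(1970, 1, 1)


def decode_aging(passwd_line, today):
    """Return the decoded aging data of one passwd line, or None if it has none."""
    user, pw_field = passwd_line.split(":")[:2]
    _hash, comma, aging = pw_field.partition(",")
    if not comma:
        return None
    if len(aging) != 4:
        raise ValueError(f"{user}: expected 4 aging characters, got {aging!r}")
    # ALPHABET.index raises ValueError on a character outside the table.
    max_w, min_w, low, high = (ALPHABET.index(c) for c in aging)
    last = low + high * 64                  # weeks since 1970, (low, high) order
    now = (today - EPOCH).days // 7         # current week number (assumed rounding)
    if aging[:2] == "..":
        status = "change forced at next login, aging then removed"
    elif aging[2:] == "..":
        status = "change forced at next login, aging continues"
    elif max_w < min_w:
        status = "user cannot change password, only root can"
    elif now > last + max_w:
        status = "expired"                  # su does not check this, per the FAQ
    else:
        status = "ok"
    return {"user": user, "max_weeks": max_w, "min_weeks": min_w,
            "last_changed": EPOCH + timedelta(weeks=last), "status": status}


# The FAQ's sample entry plus three constructed entries for the special cases.
SAMPLE = [
    "voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash",
    "alice:CONSTRUCTEDHASH,..z8:1001:10::/home/alice:/bin/sh",
    "bob:CONSTRUCTEDHASH,M...:1002:10::/home/bob:/bin/sh",
    "carol:CONSTRUCTEDHASH,.Mz8:1003:10::/home/carol:/bin/sh",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_aging(line, date(1984, 1, 1)))
```

Entries reported as "expired" are the ones the su caveat above applies to.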