| # |
| # CDDL HEADER START |
| # |
| # The contents of this file are subject to the terms of the |
| # Common Development and Distribution License, Version 1.0 only |
| # (the "License"). You may not use this file except in compliance |
| # with the License. |
| # |
| # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| # or http://www.opensolaris.org/os/licensing. |
| # See the License for the specific language governing permissions |
| # and limitations under the License. |
| # |
| # When distributing Covered Code, include this CDDL HEADER in each |
| # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| # If applicable, add the following below this CDDL HEADER, with the |
| # fields enclosed by brackets "[]" replaced with your own identifying |
| # information: Portions Copyright [yyyy] [name of copyright owner] |
| # |
| # CDDL HEADER END |
| # |
| |
| Copyright (c) 2001 by Sun Microsystems, Inc. |
| All rights reserved. |
| |
| ident "%Z%%M% %I% %E% SMI" |
| |
| |
| |
| |
| |
| From ALT 2600 FAQ: |
| |
| A-06. What are those weird characters after the comma in my passwd file? |
| |
| The characters are password aging data. Password aging forces the |
| user to change passwords after a system administrator-specified period |
| of time. Password aging can also force a user to keep a password for |
| a certain number of weeks before changing it. |
| |
| ] |
| ] Sample entry from /etc/passwd with password aging installed: |
| ] |
| ] voyager:5fg63fhD3d,M.z8:9406:12:The Voyager:/home/voyager:/bin/bash |
| ] |
| |
| Note the comma in the encrypted password field. The characters after |
| the comma are used by the password aging mechanism. |
| |
| ] |
| ] Password aging characters from above example: |
| ] |
| ] M.z8 |
| ] |
| |
| The four characters are interpreted as follows: |
| |
| 1: Maximum number of weeks a password can be used without changing. |
| 2: Minimum number of weeks a password must be used before changing. |
| 3& 4: Last time password was changed, in number of weeks since 1970. |
| |
| JV: 3 & 4 are in (low,high), where the number of weeks is (low+high*64). |
| |
| |
| Three special cases should be noted: |
| |
| If the first and second characters are set to '..' the user will be |
| forced to change his/her passwd the next time he/she logs in. The |
| passwd program will then remove the passwd aging characters, and the |
| user will not be subjected to password aging requirements again. |
| |
| If the third and fourth characters are set to '..' the user will be |
| forced to change his/her passwd the next time he/she logs in. Password |
| aging will then occur as defined by the first and second characters. |
| |
| If the first character (MAX) is less than the second character (MIN), |
| the user is not allowed to change his/her password. Only root can |
| change that users password. |
| |
| It should also be noted that the su command does not check the password |
| aging data. An account with an expired password can be su'd to |
| without being forced to change the password. |
| |
| |
| Password Aging Codes |
| +------------------------------------------------------------------------+ |
| | | |
| | Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H | |
| | Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | |
| | | |
| | Character: I J K L M N O P Q R S T U V W X Y Z a b | |
| | Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | |
| | | |
| | Character: c d e f g h i j k l m n o p q r s t u v | |
| | Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 | |
| | | |
| | Character: w x y z | |
| | Number: 60 61 62 63 | |
| | | |
| +------------------------------------------------------------------------+ |