NAME
getprpw — display protected password database
SYNOPSIS
getprpw [-l] [-r] [-m parm[,parm]] username
DESCRIPTION
getprpw displays the user's protected password database settings. This command is available only to the superuser in a trusted system. Normally it is only used via SAM; see sam(1M).
getprpw uses the /etc/nsswitch.conf configuration file default if -l is not specified. See nsswitch.conf(4).
Options
getprpw recognizes the following options.
- -l
Specifies to get information from the local user.
- -r
Displays the arguments supplied to -m in raw format.
- -m
Displays the database value for the argument passed. An "invalid-opt" is printed if a list of options passed to -m contains an invalid option. The rest of the options will be processed. If getprpw is specified without -m, all parameters are displayed in the order given below.
Boolean values are returned as YES, NO, or DFT (for system default values in /tcb/files/auth/system/default). Numeric values are specified as positive numbers, 0, or -1. A value of -1 indicates that the field has not been assigned a value in the database. Units of time are returned in number of days (>=0), although the database keeps them in seconds. This and other minor differences between the command parameters and the database fields are consistent with modprpw(1M).
The following parameters for the user can be displayed using the -m option. They are listed below in the order shown in prot.h. The database fields are fully explained in prpwd(4).
- uid
user uid
- bootpw
boot authorization flag
- audid
audit id
- audflg
audit flag
- mintm
minimum time between password changes
- maxpwln
maximum password length
- exptm
password expiration time
- lftm
password lifetime
- spwchg
last successful password change time
- upwchg
last unsuccessful password change time
- acctexp
account expiration time
- llog
last login time interval
- expwarn
password expiration warning time
- usrpick
whether user picks password, YES/NO/DFT
- syspnpw
whether system generates pronounceable passwords, YES/NO/DFT
- rstrpw
whether password is restricted, i.e., checked for triviality, YES/NO/DFT
- nullpw
NULL passwords are allowed, YES/NO/DFT. Not recommended!
- syschpw
whether system generates passwords having characters only, YES/NO/DFT
- sysltpw
whether system generates passwords having letters only, YES/NO/DFT
- timeod
time of day allowed for login
- slogint
time of last successful login
- ulogint
time of last unsuccessful login
- sloginy
tty of last successful login
- culogin
consecutive number of unsuccessful logins so far
- uloginy
tty of last unsuccessful login
- umaxlntr
maximum unsuccessful login tries
- alock
administrator lock, YES if on, NO if off, DFT if not set.
- lockout
returns the reason for a lockout in a "bit" valued string, where 0 = condition not present, 1 = condition present. The position, left to right, represents:
1 past password lifetime
2 past last login time (inactive account)
3 past absolute account lifetime
4 exceeded unsuccessful login attempts
5 password required and a null password
6 admin lock
7 password is a *
RETURN VALUE
- 0
success
- 1
user not privileged
- 2
incorrect usage
- 3
cannot find the password file
- 4
system is not trusted
EXAMPLES
Displays the database aging fields for user "someusr".
getprpw -m mintm,exptm,expwarn,lftm someusr
The command displays:
mintm=1, exptm=2, expwarn=-1, lftm=3
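The lockout parameter described above can be decoded into its reasons with a small script. This is an added example, not part of the original manual page; it assumes lockout is printed in the same name=value form as the aging fields above, and the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the "lockout" string reported by getprpw -m lockout.
# Assumption: lockout is printed in the same name=value form as the aging
# fields shown under EXAMPLES. The sample line below is constructed.

# prpw_field NAME LINE: extract one value from "name=value, name=value" output.
prpw_field() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^ *$1=//p"
}

# decode_lockout BITS: print one reason per set position, in the left-to-right
# order documented for the lockout parameter. Returns 2 on malformed input.
decode_lockout() {
    bits=$1
    case $bits in
        [01][01][01][01][01][01][01]) ;;
        *) echo "invalid lockout string: $bits" >&2; return 2 ;;
    esac
    pos=1
    while [ "$pos" -le 7 ]; do
        if [ "$(printf '%s\n' "$bits" | cut -c "$pos")" = 1 ]; then
            case $pos in
                1) echo "past password lifetime" ;;
                2) echo "past last login time (inactive account)" ;;
                3) echo "past absolute account lifetime" ;;
                4) echo "exceeded unsuccessful login attempts" ;;
                5) echo "password required and a null password" ;;
                6) echo "admin lock" ;;
                7) echo "password is a *" ;;
            esac
        fi
        pos=$((pos + 1))
    done
}

# Constructed sample standing in for: getprpw -m alock,lockout someusr
sample='alock=YES, lockout=0001010'
decode_lockout "$(prpw_field lockout "$sample")"
```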
WARNINGS
This command is intended for SAM use only. It may change with each release and cannot be guaranteed to be backward compatible.
Several database fields interact with others. The side effects of an individual change may not cause a problem till much later.
Special meanings may apply in the following cases:
a field with a zero value
HP-UX 11i Version 3 is the last release to support trusted systems functionality.
AUTHOR
getprpw was developed by HP.
FILES
- /etc/passwd
System Password file
- /tcb/files/auth/*/*
Protected Password Database
- /tcb/files/auth/system/default
System Defaults Database