Password aging and NIS

[morgaann]

Does anyone know how I can implement password aging on Solaris 6-9 under NIS?

Any help would be appreciated.

Thanks.

 

[orbotechus]

Password aging parameters are not included in the passwd file format, though the definition for struct passwd has a pw_age element, there it has no field in /etc/passwd. There can be no password aging without supplimental information.

This supplimental information is in /etc/shadow, along with the encrytped password. When NIS maps are built, the encrypted password is taken from shadow entries and included in the passwd.byname and passwd.byuid maps. The format of these maps do not include the aging information.

This means that password aging is not available on NIS clients.

From Volume 1 of Solaris 8 System Administration Guide:

If you are using NIS+ or the /etc files to store user account information, you can set up password aging on a user's password.
There is no password aging if you use NIS. If you are running NIS in C2 security mode, you get the NIS map passwd.adjunct.byname which does contain a password aging field, but it is not used.