Roles for creating users and managing pwds

[mhutchins]

I am experimenting with roles on aix 5.3. I did a chrole to add these
authorizations to the ManageAllUsers role: UserAdmin,User
Audit,PasswdAdmin,GroupAdmin,PasswdManage.

I added the role to user sec_user. I did a mkuser matt. That worked
fine. I tried to set the password for matt by doing passwd matt and it
prompted me for matt's old password, but according to man page for
mkuser (and /etc/security/passwd) by default it gets set to *. So I am
stuck trying to figure out what to do in order to allow sec_user to set
matt's passwd initially and in the future.

Thanks!

 

[ggauthier]

From the 'sec_user' account run: pwdadm matt

It will prompt for *your* password, and then allow you to set the user's password.

How does the role you created differ from placing the 'sec_user' in the security group?

 

[mhutchins]

Thanks for the info, but I tried running passwd matt and it wanted to know "Matt's Old password". But of course I hadn't set one. That is the issue.

Also, I think that 'sec_user' had to be in the "security" group to have the ManageAllUsers role. SO it was in there before I tested.

 

[ggauthier]

I didn't suggest running "passwd matt"

I suggested running "pwdadm matt"

pwdadm is available to those accounts in the security group

gg