Set for non service accounts

[snakernetb]

thread52-1298798

I have the issue were I have a whole bunch of service accounts for applications. Like DB2, Oracle, and Websphere that cannot expire. But I also have the requirement that our auditors want. How can I set it so that service accounts never expire yet user accounts do? I used the script in the reference thread and caused mass chaos. It was easily fixed but I just want this for certain sets of users. Is this possible at a group level? If anyone has any ideas I will be happy to hear them.

 

[juredd1]

If you are talking about not wanting the password for certain accounts not to expire than set the maxage flag to 0 for that user in the /etc/security/user file. That is how I do it.

maxage=0

I hope I understood your question.

 

[snakernetb]

I am aware of the maxage, that is what I am trying to get around. Looks like I am just going to have to try to find a script that sets all service accounts to maxage=0 and user accounts set via the default stanza. Thanks.

 

[MoreFeo]

I think you should be able to do what you need without the script, by editing the /etc/security/user file as juredd1 said.

If you set maxage in the default stanza to a value, and then you create another stanza for each service user, just setting maxage to 0 this should work.

Another way to edit the /etc/security/user file is with chsec command, to edit the default stanza.