Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Set for non service accounts

Status
Not open for further replies.

snakernetb

Programmer
Mar 31, 2004
2
US
thread52-1298798

I have the issue were I have a whole bunch of service accounts for applications. Like DB2, Oracle, and Websphere that cannot expire. But I also have the requirement that our auditors want. How can I set it so that service accounts never expire yet user accounts do? I used the script in the reference thread and caused mass chaos. It was easily fixed but I just want this for certain sets of users. Is this possible at a group level? If anyone has any ideas I will be happy to hear them.
 
If you are talking about not wanting the password for certain accounts not to expire than set the maxage flag to 0 for that user in the /etc/security/user file. That is how I do it.

maxage=0

I hope I understood your question.
 
I am aware of the maxage, that is what I am trying to get around. Looks like I am just going to have to try to find a script that sets all service accounts to maxage=0 and user accounts set via the default stanza. Thanks.
 
I think you should be able to do what you need without the script, by editing the /etc/security/user file as juredd1 said.

If you set maxage in the default stanza to a value, and then you create another stanza for each service user, just setting maxage to 0 this should work.

Another way to edit the /etc/security/user file is with chsec command, to edit the default stanza.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top