Search This Blog

Wednesday, December 9, 2009

Disable Password Aging in Solaris 10

I am all about Security. However, on a small secluded development environment... Being prompted to change the password on your development machine when you are in a hurry to make a change before a meeting can be a real pain. Quickly and Simply it is done like this:

edit the file /etc/default/passwd

Disable the aging attributes:
MAXWEEKS=
MINWEEKS=

Save.

Next you will have to change the shadow file. This file contains all the information on your server's users. Here is an example:

/etc/shadow

admin:zov983yf923jNI:14587:63:63:7:::

The two numbers i have listed represent the number of days until you can change your password and the number of days until your password expires. Simple remove the numbers so that it looks like this:

admin:zov983yf923jNI:14587:::7:::

*Reminder: The shadow file is Read-only. to change it you must first allow write by owner (root). To do this:

# chmod 600 /etc/shadow

Rememeber to change it back to read only when you are finished. (chmod 400 /etc/shadow)

Now you can change that user password and it will not age.