[HPADM] Trusted system conversion problems

In September, I converted an old 10.20 legacy system to trusted mode for a customer and tried to patch it from old archives. We need to keep it running another 6-12 months.

PROBLEM 1

During the trusted conversion, I set password expiration time to 60 and password expiration to 7. This past weekend, all of the passwords expired; however, there was no advance warning message received by anyone.

During the conversion, I removed sendmail from /sbin/rc2.d since the system does not send or receive mail with other systems.

Would this have caused the problem?

Does sendmail have to be running to receive password expiration warnings?

PROBLEM 2

Terminal security policies were set during conversion to a max of 15 unsuccessful login tries. We naturally then had a workstation where the user tried 15 times to login and failed, then moved to another workstation without advising anyone.

Is there a way to run a daily script outside sam that will enable a system administrator to determine all terminals that have been inactivated?

I thought there may be a way using /usr/lbin/getprterm; however, I cannot find any documentation on this command. There does not appear to be a way to grep /tcb/files/ttys for such a value.

PROBLEM 3

Is there a way to run a daily script outside sam that will identify all user accounts that have been inactivated due to failed logins?

I found some documentation on getprpw; however, it appears you have to supply the name of an individual user each time it is run.



Thanks.

Willis Gregory
wgregory@xxxxxxx



--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@xxxxxxxxxxxxx
Name: hpux-admin@xxxxxxxxxxxxx Owner: owner-hpux-admin@xxxxxxxxxxxxx

Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)