password aging

[Doug Gwyn]

In article <1991Mar11.185411.2414 at ssd.kodak.com>, dcox at ssd.kodak.com (Don Cox) writes:
> System type: Sun4/280, SunOS4.1.1
> I am looking for a script that I can implement on my system that will
> prompt the users to change their password every xx days.  Thanks.

I would be surprised if SunOS 4.1.1 did not already support password
aging using a somewhat different mechanism.  The usual scheme, added
in some long-past release of UNIX System V, tacks an extra subfield
onto the password in /etc/passwd, using a comma delimiter between the
subfields.  The aging information is contained in the new subfield.
Presumably this is explained somewhere in the manual, if it is
supported.

It is probably also worth noting that in most cases, forcing a change
of password periodically actually reduces system security, rather than
enhancing it as is probably the intention.  Unless a password is
compromised, if it was secure in the first place there is no reason
not to stick with it.

Note also that SunOS 4.x supports "shadow" passwd and group files,
which hide the encrypted passwords, preventing use of password-
cracking programs.  I highly recommend using this feature.