[SunHELP] root passwd expired

[Steve Sandau]

>> We now have a console server so I can get to the console and aviod
>> stuff like this.
> 
> 
> Graphical or serial?  Can anyone confirm that it will work on the
> latter? I do not believe in heads and keyboards on Suns.

Cyclades serial console server (actually runs embedded Linux) that is
accessible over the network. Yes, you can change root password there; it
is just a serial connection as far as the OS knows.

> 
>>> I have to say that I have been quite tempted to make root "*NP*"
>>> on the Solaris 9 boxes and then just install public keys for each
>>> of us that have to admin the boxes, but I know that on some
>>> bloody horror story day I'd regret that choice.
>> 
>> I'd rather not have anyone logging in directly as root on the boxes
>> I admin. In fact, I think the "rules" may forbid that expressly.
> 
> Sometimes you have to though, depending on what's going on with the
> box. <knocks wood> Haven't had but a couple of those here.

To log in as root you need to be on the console with our machines, but a
root login is avaliable nonetheless.

> 
>> Only thing I have done is write on the calendar the next time we
>> need to change the root password. I guess you could set up a cron
>> to email you once every password-change-period or something like
>> that. Maybe I'll look into that: an email when the password
>> expiration is 10 days away or something.
> 
> 
> That's what we are doing now.  Quite easy with a shell script if you
> have Gnu tools installed, with base Solaris, the only method we found
> was with Perl.

Yes, I noticed that the Solaris 'date' command does not take +%s like 
gnu date does.

Oh, and expiring the root password gives us the advantage of obeying the 
DON rules as implemented here.

Steve