HP Sentry User Manual

Section 2 - 14

SENTRY User’s Guide

Fitzgerald & Long

new password for 90 days before he was forced by UNIX to enter a new password. This is 90 calendar
days.

3. Password change warning (days): Enter the number of days before a new password is required
that you would like UNIX to warn the user that his password is about to expire. We recommend 5 days.

4. Maximum inactive time (days): This field is used to protect inactive logins. For example, if a user
did not use his login id for a specified number of days such as 21, UNIX would automatically expire the
password. At that time the system administrator will have to re-instate the password to allow logins for
that user id. Enter the number of days the login can remain active before it is expired.

5. Expiration date (MM/DD/YY): There may be login ids which are created for short term use such as
for auditors or seasonal employees. You may wish to enter a date when the login id will expire for these
types of users.

The last line of the screen is:

Enter field number, “F”ile or “<ESC>” to exit:

If you wish to modify any of the fields, 1 through 5, enter the number of the field you wish to change
followed by <ENTER>. After you have made changes enter “F” to file/save your changes. To exit the
program without saving any changes, enter <ESC>. You will be returned to the “User Maintenance”
screen.

In UNIX every file has an owner and a group. The references to owners and groups are the UID and the
GID for each. The actual names are NOT stored, only the number. The numbers are translated to names
by various UNIX utilities through a “lookup” process in the passwd and group files. If a user is deleted
who owns files, his UID will continue to be the “owner”. Because this relationship between user IDs,
UIDs and file ownership is only a logical link, it is common to find files with UIDs which don’t exist on
the system. This can be a serious security problem should the System Administrator delete a user ID
(where the user was a file owner) and later reassign that old user’s UID to a new user. It is possible that
the new user would then have access to files he should not be allowed to use. SENTRY will notify the
System Administrator of this issue when a user ID is deleted.

If you delete a user ID who shares the same UID with another user and that UID “owns” files, the delete
will proceed without notification. You will be able to recognize this condition because the display for UID
on the User Profile screen will list all users with the same UID.

When a user is deleted who “owns” files and the UID is unique, SENTRY will advise the Administrator
and offer a menu of four choices. Here is an example of this screen.

To invoke the Custom User Data Maintenance screen enter “C” followed by <ENTER>. The fields and
prompts in this screen are dependent upon the brand (e.g. HP, DG, SUN, IBM) of computer you have.
Please locate the appropriate documentation in the following pages. If you do not find documentation
which matches the Custom screen on your copy of Sentry, please give us a call.