Cisco Headend System Release 2.7 Installation Guide
Appendix C
Managing Default User Passwords and Password Expiration Settings
82
78-4021167-01 Rev D
Change Default User Passwords and Password
Expiration Settings
We recommend that, at a minimum, you change the default password for the root
role and the dncs role in order to increase the level of security on the RNCS.
You should not change the informix and dncsSSH passwords as these accounts are
You should not change the informix and dncsSSH passwords as these accounts are
locked by default. Additionally, changing the pcgrequest and pcgscp user
passwords is not absolutely necessary because these accounts are not used directly
by an operator and do not support normal login shells. Changing the easftp and
dncsftp passwords should be done only in coordination with the administrator of
the EAS, ISDS, and the RNCS, respectively.
The root, dncsSSH, informix, easftp, and any custom accounts, as well as the dncs
The root, dncsSSH, informix, easftp, and any custom accounts, as well as the dncs
role, all have password-aging set by default. These passwords will expire after 13
weeks. You can modify this expiration if the operator does not want to manage
password expiration on the RNCS.
CAUTION:
The RNCS or components within the RNCS will become unstable if the
The RNCS or components within the RNCS will become unstable if the
default password of the user (root, dncs, dncsSSH, informix, or easftp) expire.
The RNCS system administrator MUST ensure that these passwords do NOT
expire. It is imperative that password-aging be disabled unless the RNCS
system administrator ensures these account passwords do not expire.
1 If necessary, open an xterm window on the RNCS as root user.
2 Select one of the following options:
2 Select one of the following options:
If password-aging is not desired on this system, go to step 3.
If password-aging is desired on this system, skip to step 9.
3 Open the /etc/default/passwd file with a text editor.
4 Change the MAXWEEKS and WARNWEEKS parameter values to -1.
5 Save and close the file.
6 Type more /etc/default/passwd and then press Enter. The MAXWEEKS and
4 Change the MAXWEEKS and WARNWEEKS parameter values to -1.
5 Save and close the file.
6 Type more /etc/default/passwd and then press Enter. The MAXWEEKS and
WARNWEEKS should look like the following example:
MAXWEEKS=-1
WARNWEEKS=-1
MAXWEEKS=-1
WARNWEEKS=-1
7 Repeat the following step for the root, dncs, dncsftp, and easftp account names to
disable password expiration:
Type passwd -r files -x -1 [accountName] and then press Enter.
Note: Replace [accountName] with the appropriate account name — root, dncs,
Type passwd -r files -x -1 [accountName] and then press Enter.
Note: Replace [accountName] with the appropriate account name — root, dncs,
dncsftp, or easftp.