I need to be able to send an email to a user X days before their password is going to expire. I will have a .forward file to point to their M$ Exchange account. I can't find an easy way to determine when X user account is going to expire. Sorry, but I am an HPUX guy and don't have much exp in AIX.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
simple command to determine password expiration
- Thread starter cescheer
- Start date
Here's our method:
There are three key components:
a) the last time the password was changed
b) the maxage of the password (in weeks)
c) the password warning time (number of days to warn)
To gather the data
a) lssec -f /etc/security/passwd -s accountname -a lastupdate
b) lsuser -a maxage accountname
c) lsuser -a pwdwarntime accountname
All of the time is noted in "seconds since the epoch"
The password expiration time is calculated for "accountname" by taking the last update time and adding the number of seconds in "maxage" (that would be maxage * 604800).
604800 is the number of seconds in a week.
Then back off by the pwdwarntime (password expiration time minus (pwdwarntime * 86400). That tells you when the password warning will start.
Then check if that time is greater than the current time. You can use perl to get the current time in the format of number of seconds since epoch. e.g., perl -le 'print scalar time ';
If the current time is greater than the password warning time, then email the user. Run this once per day, and they will get a daily reminder until the password is changed.
-glenn
There are three key components:
a) the last time the password was changed
b) the maxage of the password (in weeks)
c) the password warning time (number of days to warn)
To gather the data
a) lssec -f /etc/security/passwd -s accountname -a lastupdate
b) lsuser -a maxage accountname
c) lsuser -a pwdwarntime accountname
All of the time is noted in "seconds since the epoch"
The password expiration time is calculated for "accountname" by taking the last update time and adding the number of seconds in "maxage" (that would be maxage * 604800).
604800 is the number of seconds in a week.
Then back off by the pwdwarntime (password expiration time minus (pwdwarntime * 86400). That tells you when the password warning will start.
Then check if that time is greater than the current time. You can use perl to get the current time in the format of number of seconds since epoch. e.g., perl -le 'print scalar time ';
If the current time is greater than the password warning time, then email the user. Run this once per day, and they will get a daily reminder until the password is changed.
-glenn
Here's my perl solution witten for all users in the group 'helpdesk'. Amend as required
Columb Healy
Code:
#! /usr/bin/perl -w
use strict;
my $host = `uname -n`;
chomp $host;
sub send_message
{
my ( $user, $message ) = @_;
open FH, "|mail -s \"Password on $host\" $user\@mailhost"
or die "Unable to open pipe to mail\n";
print FH $message;
close FH;
}
foreach my $user ( split /[,=\n]/, `lsgroup -a users helpdesk` )
{
$user =~ /^helpdesk/ and next;
my (undef,$chtime) = split /[=\n]/, `lssec -f /etc/security/passwd -s $user -a lastupdate 2>/dev/null`;
$chtime or (print STDERR "$user has never been updated\n"), next;
$chtime = int ((time - $chtime)/( 60 * 60 * 24 ));
$chtime < 42 and next;
( $chtime = 56 - $chtime ) <= 0 and
send_message $user, "Your password on $host has expired" or
send_message $user, "Your password on $host will expire in $chtime days - please log in and reset it";
}Columb Healy
- Status