Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
users passwd
- Thread starter xyz786
- Start date
This can be scripted - have seen it done but no longer have access to those systems. 
Basically, you will need to parse the /etc/security/passwd file. For each user stanza, there are 3 lines:
smith:
password = MGURSj.F056Dj
lastupdate = 623078865
flags = ADMIN,NOCHECK
Note: the flags line may be blank. IE: flags =
The lastupdate line is the date (in seconds) when the pw was last updated. You will need to decode this value and then apply whatever your password lifetime is to see if its about to expire. If so, send them (or someone else) an email.
While I dont have a script to do exaclty what you want, here is a perl script I hacked out a while back that converts the time from seconds (lastupdate is in seconds) to an actual date:
#!/bin/perl
#
#
if ($ARGV[0] eq "")
{ print "\n\nUsage: time <time - in seconds>\n\n";
print "IE ./time.pl 1001112970"
}
else
{$input_time=$ARGV[0]}
#
# Get and display current time
#
$curtime=time();
$curdate=localtime($curtime);
print "\ntoday in seconds = $curtime\n";
print "today = $curdate\n\n";
# Convert entered time from seconds to normal date format and display
#
$normal_date = localtime($input_time);
print "Entered seconds (in seconds) = $input_time\n";
print "Entered seconds = $normal_date\n";
PS: there are 86400 seconds in one day.
Basically, you will need to parse the /etc/security/passwd file. For each user stanza, there are 3 lines:
smith:
password = MGURSj.F056Dj
lastupdate = 623078865
flags = ADMIN,NOCHECK
Note: the flags line may be blank. IE: flags =
The lastupdate line is the date (in seconds) when the pw was last updated. You will need to decode this value and then apply whatever your password lifetime is to see if its about to expire. If so, send them (or someone else) an email.
While I dont have a script to do exaclty what you want, here is a perl script I hacked out a while back that converts the time from seconds (lastupdate is in seconds) to an actual date:
#!/bin/perl
#
#
if ($ARGV[0] eq "")
{ print "\n\nUsage: time <time - in seconds>\n\n";
print "IE ./time.pl 1001112970"
}
else
{$input_time=$ARGV[0]}
#
# Get and display current time
#
$curtime=time();
$curdate=localtime($curtime);
print "\ntoday in seconds = $curtime\n";
print "today = $curdate\n\n";
# Convert entered time from seconds to normal date format and display
#
$normal_date = localtime($input_time);
print "Entered seconds (in seconds) = $input_time\n";
print "Entered seconds = $normal_date\n";
PS: there are 86400 seconds in one day.
This is a script whic I use to e-mail users who's passwords are about to expire. You can amend it as required. Note that our expirey time is 56 days.
Ceci n'est pas une signature
Columb Healy
Code:
#! /usr/bin/perl -w
use strict;
my $host = `uname -n`;
chomp $host;
sub send_message
{
my ( $user, $message ) = @_;
open FH, "|mail -s \"Password on $host\" $user\@mailserver"
or die "Unable to open pipe to mail\n";
print FH $message;
close FH;
}
# I'm only interested in users in the group 'helpdesk'
foreach my $user ( split /[,=\n]/, `lsgroup -a users helpdesk` )
{
$user =~ /^helpdesk/ and next; #not intersted in the generic helpdesk user
#use lssec to extract last update
my (undef,$chtime) = split /[=\n]/, `lssec -f /etc/security/passwd -s $user -a lastupdate 2>/dev/null`;
# ignore those who have never updated (new or unused)
$chtime or (print STDERR "$user has never been updated\n"), next;
#calc days from now
$chtime = int ((time - $chtime)/( 60 * 60 * 24 ));
# ignore if changed in last 42 days
$chtime < 42 and next;
# if more than 56 days send expirey message
( $chtime = 56 - $chtime ) <= 0 and
send_message $user, "Your password on $host has expired"
or #send about to expire message
send_message $user, "Your password on $host will expire in $chtime days - please log in and reset it";
}Ceci n'est pas une signature
Columb Healy
unclebrian
Vendor
For interest lsat updated in the stanza is the number of seconds from 1/1/1970
- Status