Professional Web Applications Themes

Identifying users with expired passwords - Sun Solaris

Is there an easy way of identifying users with expired passwords from /etc/shadow or via other means?...

  1. #1

    Default Identifying users with expired passwords

    Is there an easy way of identifying users with expired passwords from
    /etc/shadow or via other means?


    Matt Guest

  2. #2

    Default Re: Identifying users with expired passwords

    Matt <net> wrote: 

    Hmm... I don't know of one. Seems like there should be some such
    facility.

    Except for the "days of inactivity" (which I'm not sure where that's
    stored), you could manually calculate "expiration" and "max passwd days"
    and display them.

    This *might* work (no guarantees, and I'm worried that the date
    calculation may be off-by-one).

    #!/bin/perl -w
    use strict;

    my $epoch_days = int(time / (60 * 60 * 24));

    open(SHADOW, "/etc/shadow") or die "Cannot open shadow file. $!\n";
    while(<SHADOW>)
    {
    my line = split('\:');
    if ($line[7] ne "" and $epoch_days > ($line[7] + 0))
    {
    print "Account $line[0] has expired.\n";
    next;
    }
    if ($line[2] ne "" and $line[4] ne "" and
    $epoch_days > ($line[2] + $line[4]))
    {
    print "Account $line[0] has exceeded the time to change
    passwds.\n";
    next;
    }
    }

    --
    Darren Dunham com
    Unix System Administrator Taos - The SysAdmin Company
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
    Darren Guest

  3. #3

    Default Re: Identifying users with expired passwords

    "Matt" <net> wrote in message news:<3f783b55$0$8769$news.pipex.net>... 

    here is a way to do it :

    # today=`truss date 2>&1 |grep time | nawk '{printf "%d", $3/86400}'`
    # nawk -F: -v now=$today '$8 != "" && $8 < now {print $1}' /etc/shadow

    awkish way but it works ...

    first line gets number of days from EPOCH (if anyone knows a better
    way !)
    second line compares 8th field of /etc/shadow with today date and
    print login if lower.

    hop it will help !

    F.
    Francois Guest

  4. #4

    Default Re: Identifying users with expired passwords

    In article <google.com>,
    univ-paris8.fr (Francois Napoleoni) writes: 
    >
    > here is a way to do it :
    >
    > # today=`truss date 2>&1 |grep time | nawk '{printf "%d", $3/86400}'`
    > # nawk -F: -v now=$today '$8 != "" && $8 < now {print $1}' /etc/shadow
    >
    > awkish way but it works ...
    >
    > first line gets number of days from EPOCH (if anyone knows a better
    > way !)[/ref]


    If you have perl (Solaris 8 and later includes it):

    today=`perl -e 'printf "%ld\n",time()/86400;'`

    otherwise, at least get rid of the excess output of truss and the redundant
    grep/nawk combination:

    today=`truss -t time date 2>&1|nawk '$1=="time()" {printf "%d\n",$3/86400}'`

    (note: grep/nawk together isn't always redundant, since grep can eliminate
    long lines that would choke nawk. But it isn't a problem in this case,
    especially if truss output is limited to just the time syscall)

     

    Of course if you have perl, you can do the second line's worth of
    work in the perl script, too:

    #!/usr/bin/perl

    $now=int(time()/86400);

    open(SHADOW, '/etc/shadow') || die 'Cannot open file "/etc/shadow".';

    while (<SHADOW>) {
    chomp;
    Fld = split(':', $_, 9);
    if ($Fld[7] != '' && $Fld[7] lt $now) {
    print $Fld[0] . "\n";
    }
    }

    close(SHADOW);


    --
    mailto:smart.net http://www.smart.net/~rlhamil
    Richard Guest

  5. #5

    Default Re: Identifying users with expired passwords

    Thanks guys, i've now managed to write a C program to do this but your input
    was most useful.

    Matt


    Matt Guest

  6. #6

    Default Re: Identifying users with expired passwords

    In article <3f7d7643$0$8765$news.pipex.net>,
    "Matt" <net> writes: 

    Care to post it?

    --
    mailto:smart.net http://www.smart.net/~rlhamil
    Richard Guest

Similar Threads

  1. Identifying Users
    By jonesdw in forum Macromedia Contribute Connection Administrtion
    Replies: 0
    Last Post: January 20th, 03:43 AM
  2. Changing Expired Oracle Passwords w/ ASP
    By ecPunk in forum ASP Database
    Replies: 3
    Last Post: February 14th, 12:42 PM
  3. users and passwords
    By Matt Schroeder in forum PHP Development
    Replies: 2
    Last Post: July 15th, 05:16 AM
  4. Identifying super users
    By tunity5@yahoo.com in forum Oracle Server
    Replies: 2
    Last Post: January 14th, 09:28 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139