account locked

[adimstec]

Hello,

I tried to write a script allowing me to know whiwh user is locked or not.

For this purpose, I thought using the command :

# lsuser -a account_locked user_name

If a user is locked, the value of account_locked should be true, but what I noticed is even if this user is locked the display of account_locked is always false.

Can someone enligth me and helping me to find a solution in order to know , by a command, if a user is locked or not.

Thank you in advance

 

[p5wizard]

What is the message you get when you try to login with your 'locked' user? If the attribute account_locked is set to false, then the account is not 'locked'.

But there are other ways to block a user

rlogin=true or false
login=true or false
password can be expired
...

HTH,

p5wizard

 

[adimstec]

the message I get when I try to login with my 'locked' user is :

There have been too many unsuccessful login attempts; please see
the system administrator.


What I want to do is writing a script telling me which user is locked or not, by this way I can manage in advance the users and knowing who is always loosing his passwd for instance.

 

[p5wizard]

off hand (ksh code):

lsuser -a loginretries unsuccessful_login_count ALL|\
sed 's/loginretries=//;s/unsuccessful_login_count=//'|\
while read user max_retries current_retries|\
do
if ((current_retries>=max_retries))
then
echo "user $user has been blocked because of $max_retries password attempts"
fi
done

you take it from here

HTH,

p5wizard

 

[adimstec]

P5wizard,

Thank you again.
You gave me an interresting starting point.

I've writing this script which works :

#!/usr/bin/ksh

lsuser -a loginretries unsuccessful_login_count ALL |grep unsuccessful_login_count | grep -v root | awk -F "=" '{print $1,$2
,$3}' |\
awk '{print $1,$3,$5}' |
while read user max current
do
if [ $current -gt $max ]
then
echo "user $user has been blocked because of $current password attempts"
fi
done


Thankx again