Extracting Password User Name and Expiration Date

[HearnSnead]

Wondering if anyone can help, my Unix is rusty at best.

We run Lawson Financial software on an HPUX11 box. The users can change their password within Lawson at anytime provided it hasn't expired in Unix, then IS (namely me) has to get involved.

I was playing around with the cut command to extract the user name and date password last changed from the /etc/passwd file (all expire in 12 weeks from that date). I would like to calculate one week prior to the expiration and have the script email the users a reminder to change the password.

Any help or suggestions would be much appreciated.

 

[vikramkalsi]

Hi,
I have a script yesterday.sh which calculates yesterday's date or the date before the supplied arguments. You can run this in a loop to get the date prior to a week. You can try to modify the script to get 7 days back date directly, but I think it will amount to almost the same logic.
------------Start yesterday.sh---------------------------

#This is how I define a function in UNIX shell scripts
get_one_day_before_specified_date()
{
    # get the command line input ( date month and year )
    day=$1
    month=$2
    year=$3
 
    # if it is the first day of the month
    if [ $day -eq 01 ]
    then
        # if it is the first month of the year
        if [ $month -eq 01 ]
        then
            # make the month as 12
            month=12
 
            # deduct the year by one
            year=`expr $year - 1`
        else
            # deduct the month by one
            month=`expr $month - 1`
        fi
        
        # use cal command, discard blank lines, take last field of last line  
        # first awk  command is used to get the last useful line of the calendar command
        # second awk command is used to get the last field of this last useful line
        # NF is no. of fields,  $NF is value of last field
        day=`cal $month $year | awk 'NF != 0{ last = $0 }; END{ print last }' |  awk '{ print $NF }'`
    else
        # deduct the day by one
        day=`expr $day - 1`
    fi

    echo $day-$month-$year
}

#!/bin/ksh
if [ $# -ne 3 ]
then
    d=`date +%d`
    m=`date +%m`
    y=`date +%Y`
else
    d=$1
    m=$2
    y=$3
fi    

#Cnd line arguments are captured in a shell script thru $1 $2 $3, ......., $9,${10} (not $10),${11}...
# this is how we call unix user-defined functions, notice it is not junk123( $1, $2, $3 ) format
get_one_day_before_specified_date $d $m $y

--------------end yesterday.sh----------------------------

Do let me know if you find it useful.

Regards
-Vikram.

 

[morehouser390]

I was wondering if you found a solution to notify the users by email with the time left for their password to expire.

I am on hp-ux 11.0 and trying to do the same thing.

I appreciate any help.

Thanks a lot

 

[morehouser390]

Got an answer!!!!

DOCUMENT
A common question on trusted systems with password aging enabled is to list the time left until user's passwords expire.

The following script lists the number of days left until the password expires, the date it expires and the last time it was changed.
If the password is about to expire within the next day, it can reset the last change time.

The script checks if system wide password aging is enabled, and if password aging for each user is enabled.

It uses a C program called 'time' to obtain the current time.

NOTE: The script does not work for NIS+ users.

NOTE: This script is not supported by HP. Use at your own risk.


To use the script:
# cd /tmp
# cc -otime time.c
# chmod 755 time
# chmod 755 user_expire.sh

Example output with password aging enabled:
# user_expire.sh
System wide password aging is enabled.

User user1: password will expire within one day.

User user2 has 181 days left until password expires User user2 last changed the password on: Mon Dec 16 12:53:01 2002.
User user2 - password will expire on: 2003 Jun 16.


time.c
======
#include <time.h>

main()
{
printf("%ld\n",time(NULL));
}


user_expire.sh
==============
#!/usr/bin/sh
# Show users in a trusted system whose passwords are about to expire # Reset the u_succhg (spwchg) last successful password change time

set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin

integer exp_time
integer exp_date
integer current_time
integer last_change
integer time_left
integer days_left
integer seconds_per_day=86400
integer system_wide_aging
integer user_aging

NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi

if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi

system_wide_aging=$(/usr/lbin/getprdef -r -m exptm) if [ $system_wide_aging -eq 0 ] then
print "System wide password aging is disabled.\n"
else
print "System wide password aging is enabled.\n"
fi

for USER in $(listusers | awk '{print $1}') do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi

if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi

U=$(echo $USER|cut -c 1)

exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(./time)

passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi

last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )

((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))

last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb | cut -c 3-13)

if [ $days_left -gt 1 ]
then
print "\nUser $USER has $days_left days left until password expires"
print "User $USER last changed the password on: $last_change_date."
print "User $USER - password will expire on: $expire_date."
else
print "\nUser $USER: password will expire within one day."
# modprpw -l -v $USER
fi
done

exit 0


Note: If the system has PERL installed, the script can use PERL instead of
the 'time' C program. In that case change the line
current_time=$(./time)
to
current_time=$(/opt/perl/bin/perl -e "print time")


ALT KEYWORDS
passwd password expire expiration trusted