Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Script to check passwd aging 1

Status
Not open for further replies.
gallows

gallows

Technical User
Jun 12, 2004
223
US
I need a script that will email users when their password is getting ready to expire on Solaris 9 systems. Does anyone have one that I can use? I found a few on the net but they require the email address to be in the /etc/shadow.

Our /etc/passwd file has the persons full name in the comment field but it does not appear in the /etc/shadow file. Is this normal?

Thanks,
Gallows
 
Sort by date Sort by votes
I'd say it would be very unusual for email addresses to be in /etc/shadow, but it should be quite easy to modify one of those scripts you mention to obtain the email addresses elsewhere, or generate them from the full names.

Annihilannic.
 
Upvote 0 Downvote
I have never seen it before either in the shadow file and thought maybe in earlier versions of solaris it was there.

I can't believe Sun doesn't provide a way to monitor passwd aging.
 
Upvote 0 Downvote
There is a passwd option to set a warning that the password will expire in x days. I don't recall what it is off-hand, man passwd will have the answer though.
 
Upvote 0 Downvote
Odds are in the script you found they used the GECOS field to store the e-mail address, along with a few other things. If you are using local accounts you can do as linnorm suggested, but this will not e-mail them. You will probably have to pull out the fields from the shadow field and do some math to get the date it expires. The problem with that though is you need root access to read the shadow file.

You could also run a cron job to copy a dummy shadow file that everyone can read. I would then put the second script in /etc/dt/config/Xsession.d if they login via CDE.

Just a quick sample you will probably have to modify it.

Code: 
#!/sbin/sh
umask 0022
PATH=/usr/bin:/usr/sbin
SHADOW=/etc/shadow
DSHADOW=/etc/shadow.dummy

cat ${SHADOW} | egrep -v "root|daemon|etc" | awk -F: '{print $1,"*LK*",$3,$4,$5,$6,$7,$8}' | sed 's/ /:/g' > ${DSHADOW}

#!/sbin/sh
DSHADOW=/etc/shadow.dummy
DOMAIN=some.domain.com
FILE=/tmp/msg.$$
PWPOLICY=90
WARN=14
EPOCH=`perl -e 'print time;'`
DAYSEPOCH=`expr ${EPOCH} / 86400`
LASTCHG=`grep ^${USER} ${DSHADOW} | awk -F: '{print $3}'`
EXPIRED=`expr ${PWPOLICY} - ${LASTCHG}`

if [ "${EXPIRED}" -lt "${WARN}" ]; then

cat > ${FILE} <<EOF
Dear ${USER},

Your password will expire in ${EXPIRED} days.  Please change it as soon as possible.
EOF

  mailx -s "Password expiring soon." ${USER}@${DOMAIN} < ${FILE}

rm ${FILE}

fi
 
Upvote 0 Downvote
Thanks coffeesym!! I appreciate your help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

arciua
  • Locked
  • Question
SUN Solaris 7: How to pin Workspace Menu?
Replies
0
Views
314
arciua
arciua
austinramsay
  • Locked
  • Question
Solaris 10 install hanging at 3%.. Where to find log file, or ideas?
Replies
1
Views
305
AvayaTier3
AvayaTier3
tekmhe
  • Locked
  • Question
Using a PC, how to delete files from a Sunblade 150 IDE drive?
Replies
3
Views
200
SamBones
SamBones
Harsheel
  • Locked
  • Question
Script to automatically TAR a checkpoint
Replies
0
Views
84
Harsheel
Harsheel
Ramakrishna Jujare
  • Locked
  • Question
Porting applications from AIX to Solaris platform
Replies
0
Views
227
Ramakrishna Jujare
Ramakrishna Jujare

Part and Inventory Search

Sponsor

Back
Top