Sun One Directory Server

[xenia123]

Hi

I'm administering a directory server 5.2. Now, I need to add some shadow attributes to each user (over 100 users, i wrote a script to modify these attributes) The Problem is, I don't know which attributes must be added that the password of each user must be changed at first logon, its maximum is 90 days, minimum is 30 days and the password should be inactive when maximum password has expired (after 90 days).

Can somebody help me?

Thank you in forward
xenia

 

[bfitzmai]

Xenia,
Here is a link to a page that breaks down the entries in the file /etc/shadow.

http://www.informit.com/articles/article.asp?p=31215&seqNum=3&rl=1

 

[xenia123]

Thanks for the link, bfitzmai.

i implemented all this things with the following entries, but nothing happened

objectclasses:
shadowAccount
top
posixAccont
account

shadow attributes:

shadowExpire is 3
shadowMax is 4
shadowMin is 1
shadowWarning is 1
shadowLastChange is 1

These are the flags listed in the shadow manual.. i'm not sure about LastChange.. should it be 0 or 1? I thought when shadowWarning is reached, there will be a prompt, who asks me to change my password.. isn't it like this?

greets
xenia

 

[bfitzmai]

The Last Changed entry should be the number of days since January 1st 1970 and the date of the last change... Should be a large number. The Expiration entry is based on Januart 1st 1970 also. Your best bet may be to set up a temp account using admintool or smc and set all the entries you want... Then look at the shadow file and see how the temp account entry is set up...

 

[xenia123]

Thank you for the hint But is there a way like a command to get the numbers of days since January 1st 1970? If so, i could include it into my script to modify all user entries in the ldap.. ? That would be very useful

regards

 

[bfitzmai]

There has got to be... Try "man time"... I know the time command is based on the same January 1st 1970 date... But, I think it is in clock ticks since that date... I'll be at work in a little bit... Will look further into it.

 

[bfitzmai]

The time command is wrong... Will continue to look.

 

[xenia123]

im not so good in programming, but as far as i know, it is possible to with perl to get the unix timestamp

i searched in google, received many hits, but couldnt use anyone of these..

thank you
xenia

 

[Annihilannic]

This is a script called 1970 that I wrote for just this purpose :

#!/bin/ksh
#
# Print number of days since 01/01/1970.  Any parameter gives more
# verbose output.

[[ -x /usr/bin/nawk ]] && AWK=/usr/bin/nawk || AWK=/usr/bin/awk

date +"%j %Y" | $AWK -v VERBOSE=$1 '
{
        DAYOFYEAR=$1
        CURRENTYEAR=$2
        DAYS=-1 # Because it is not 1 day since 01/01/1970 until 02/01/1970.
        if (VERBOSE) { printf("%8s%8s%8s\n","Year","Days","Total") }
        for (YEAR=1970; YEAR < CURRENTYEAR; YEAR++) {
                if (YEAR % 4 == 0) {
                        if (YEAR % 100 == 0) {
                                if (YEAR % 1000 == 0) {
                                        YEARDAYS=366
                                } else {
                                        YEARDAYS=365
                                }
                        } else {
                                YEARDAYS=366
                        }
                } else {
                        YEARDAYS=365
                }
                DAYS+=YEARDAYS
                if (VERBOSE) { printf("%8s%8d%8d\n",YEAR,YEARDAYS,DAYS) }
        }
        DAYS+=DAYOFYEAR
        if (VERBOSE) { printf("%8s%8d",YEAR,DAYOFYEAR) }
        printf("%8d\n",DAYS)
}
'[/b]

Annihilannic.

 

[xenia123]

Hi Annihilannic

Thank you for the script. It runs perfectly. i included it into my script to modify the shadow attributes... my question is now, should the shadowinactive attribute be the number of days since January 1st 1970 and the numbers of days when the account will be inactive?

thank you in forward
regards

 

[Annihilannic]

Have a look at man shadow, it explains the field values quite clearly.

I normally use the passwd -n N -w N -x N username to modify these values rather than modifying /etc/shadow directly.

Annihilannic.

 

[xenia123]

Hi

Thank you for the hints. I'm going to test this with a ldap user.. think that it will run

wish you nice x-mas and a happy new year

regards