Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

users passwd

Status
Not open for further replies.
xyz786

xyz786

IS-IT--Management
Apr 5, 2006
45
US
Hello,
Is there any way to generate a list daily of the user accounts that are going to expire within the next 3-5 days in AIX?
Does anybody have any script for this.
Thanks
 
Sort by date Sort by votes
This can be scripted - have seen it done but no longer have access to those systems. :(

Basically, you will need to parse the /etc/security/passwd file. For each user stanza, there are 3 lines:

smith:
password = MGURSj.F056Dj
lastupdate = 623078865
flags = ADMIN,NOCHECK

Note: the flags line may be blank. IE: flags =

The lastupdate line is the date (in seconds) when the pw was last updated. You will need to decode this value and then apply whatever your password lifetime is to see if its about to expire. If so, send them (or someone else) an email.

While I dont have a script to do exaclty what you want, here is a perl script I hacked out a while back that converts the time from seconds (lastupdate is in seconds) to an actual date:

#!/bin/perl
#
#
if ($ARGV[0] eq "")
{ print "\n\nUsage: time <time - in seconds>\n\n";
print "IE ./time.pl 1001112970"
}
else
{$input_time=$ARGV[0]}

#
# Get and display current time
#
$curtime=time();
$curdate=localtime($curtime);
print "\ntoday in seconds = $curtime\n";
print "today = $curdate\n\n";

# Convert entered time from seconds to normal date format and display
#
$normal_date = localtime($input_time);
print "Entered seconds (in seconds) = $input_time\n";
print "Entered seconds = $normal_date\n";


PS: there are 86400 seconds in one day.
 
Upvote 0 Downvote
This is a script whic I use to e-mail users who's passwords are about to expire. You can amend it as required. Note that our expirey time is 56 days.

Code: 
#! /usr/bin/perl -w
use strict;

my $host = `uname -n`;
chomp $host;

sub send_message
  {
  my ( $user, $message ) = @_;
  open FH, "|mail -s \"Password on $host\" $user\@mailserver"
    or die "Unable to open pipe to mail\n";
  print FH $message;
  close FH;
  }
# I'm only interested in users in the group 'helpdesk'
foreach my $user ( split /[,=\n]/, `lsgroup -a users helpdesk` )
  {
  $user =~ /^helpdesk/ and next; #not intersted in the generic helpdesk user
  #use lssec to extract last update
  my (undef,$chtime) = split /[=\n]/, `lssec -f /etc/security/passwd -s $user -a lastupdate 2>/dev/null`;
  # ignore those who have never updated (new or unused)
  $chtime or (print STDERR "$user has never been updated\n"), next;
  #calc days from now
  $chtime = int ((time - $chtime)/( 60 * 60 * 24 ));
  # ignore if changed in last 42 days
  $chtime < 42 and next;
  # if more than 56 days send expirey message
  ( $chtime = 56 - $chtime )  <= 0 and
    send_message $user, "Your password on $host has expired" 

    or #send about to expire message
    send_message $user, "Your password on $host will expire in $chtime days - please log in and reset it";
  }

Ceci n'est pas une signature
Columb Healy
 
Upvote 0 Downvote
For interest lsat updated in the stanza is the number of seconds from 1/1/1970
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

macrun95
  • Locked
  • Question
Bypassing /etc/nologin for specific users
Replies
1
Views
73
AIXLogician
AIXLogician
Enfors
  • Locked
  • Question
Allow non-root user to administer users
Replies
2
Views
132
Enfors
Enfors
c4rl0s
  • Locked
  • Question
/etc/passwd from AIX to HP-UX.
Replies
2
Views
65
c4rl0s
c4rl0s
flpgdt
  • Locked
  • Question
ssh many users to one home
Replies
1
Views
40
juredd1
juredd1
holdahl
  • Locked
  • Question
copy /home and users
Replies
3
Views
57
holdahl
holdahl

Part and Inventory Search

Sponsor

Back
Top