Find out when password expires? - Aix


Thread: Find out when password expires?

  1. Find out when password expires?


    Folks,

    I need to implement a scheme at a client site (auditors asked for it) where
    users have to change the password every 3 months. I can set maxage option so
    that they will be forced to change password every 3 months.

    The problem is that most of the users do not log in directly into AIX. From
    their PC they run a client application that connects to a port on AIX. The
    server application authenticates them against the password file.

    I need to write a script that I can run from cron that will find out when
    the password expires and notify them every day starting from one week before
    it expires, so that they can telnet into the server and change their
    password.

    I looked at lsuser command, but I am not sure if "lsuser -a maxage username"
    gives me value of maxage option or it gives me the number of weeks in which
    password will expire (i.e. decrease by 1 every week).

    Is there another way to find out when the password will expire?

    Thanks.


    --
    Hemant Shah                           /"\  ASCII ribbon campaign
    E-mail: NoJunkMailshah@xnet.com       \ /  ---------------------
                                           X     against HTML mail
    TO REPLY, REMOVE NoJunkMail           / \      and postings
    FROM MY E-MAIL ADDRESS.
    -----------------[DO NOT SEND UNSOLICITED BULK E-MAIL]------------------
    I haven't lost my mind,               Above opinions are mine only.
    it's backed up on tape somewhere.     Others can have their own.

  2. Re: Find out when password expires?

    With modification for your site this should work. YMMV


    #!/bin/ksh
    ##
    ##
    ##  chkex    check status of password expiration
    ##  =====
    ##
    ##
    ##
    ##  Created: 01-22-99
    ##  Last modification:
    ##
    ##  Desc: Examine all accounts on the NIS master and generate a report
    ##        regarding password expiration. Optionally send an email message
    ##        to each account that will be expiring within "n" days or less.
    ##        The threshold of expiration is controlled by the NOTIFYDAYS
    ##        variable.
    ##
    ##        A script that automatically generates email is one to be
    ##        cautious about. The goal is to benefit users, not get them
    ##        ticked off. ;-)
    ##
    ##        The program relies on 2 little C programs for time-since-epoch
    ##        conversion. The programs "sec2date" & "currsec" are available
    ##        on the CA anonymous FTP site.
    ##
    ##
    ##  Usage: chkex [ -d | -m ] [ -u UserID ] [ -f ExcludeFileName ] [ -s MailAddress ]
    ##
    ##  switches:
    ##
    ##        -d ... debug mode, no mail generated
    ##
    ##        -m ... generate mail to users whose password expires
    ##               within $NOTIFYDAYS
    ##
    ##        -u ... check a single user ID only
    ##
    ##        -f ... read this file for ID's to exclude;
    ##               RETARS accounts & system accounts
    ##               should be listed here;
    ##               one account name per line
    ##
    ##        -s ... send a summary report to this mail address
    ##
    ##
    ## --------------------------------------------------------------------------
    ##  Notes:
    ##
    ##  The script includes a debug option so that you can check out its
    ##  behavior prior to automating the creation of mail to users. The
    ##  suggested sequence for getting acquainted with the script is as
    ##  follows:
    ##
    ##  1) chkex (w/ no arguments passed)
    ##
    ##     This will write 3 columns of output to stdio. The 1st
    ##     column shows accounts whose passwd was never set (i.e., NULL)
    ##     and accounts whose passwd will expire in $NOTIFYDAYS or less.
    ##     The 2nd column shows accounts that have active passwds within
    ##     normal expiration limits. The 3rd column shows accounts
    ##     with passwds that have already expired. NO EMAIL IS GENERATED.
    ##
    ##
    ##  orig line 2) chkex -d -m -f /usr/local/bin/chkex.excludes
    ##  2) chkex -d -m -f /fs1/sysadm/cronjobs/bin/chkex.excludes
    ##
    ##     This will produce output similar to the previous run, but
    ##     produces info regarding hits on the exclude list; it also
    ##     reaches the code to generate mail but bails at the last
    ##     minute. NO EMAIL IS GENERATED. The output indicates that
    ##     email is NOT being sent.
    ##
    ##
    ##  orig line 3) chkex -d -m -f /usr/local/bin/chkex.excludes -u
    ##  3) chkex -d -m -f /fs1/sysadm/cronjobs/bin/chkex.excludes -u
    ##
    ##
    ##     Try a few different UserID's with these options. Only the
    ##     account passed with the -u switch will be examined.
    ##
    ##
    ##  OK... let 'er rip...
    ##
    ##  orig line 4) chkex -m -f /usr/local/bin/chkex.excludes -s
    ##  4) chkex -m -f /fs1/sysadm/cronjobs/bin/chkex.excludes -s
    ##
    ##     No standard output is produced, mail is sent to accounts, a
    ##     summary report is generated and mailed.
    ##
    ##  orig line example: chkex -m -f /usr/local/bin/chkex.excludes -s balimi@ca.blm.gov
    ##  example: chkex -m -f /fs1/sysadm/cronjobs/bin/chkex.excludes -s balimi@ca.blm.gov
    ##
    ##     Before sticking it in the crontab, run it manually once a day
    ##     for a couple of days. The cronjob should be run only once a
    ##     day at max. Something like...
    ##
    ##  orig line 0 2 * * 0-4 chkex -m -f /usr/local/bin/chkex.excludes -s balimi@ca.blm.gov
    ##  0 2 * * 0-4 chkex -m -f /fs1/sysadm/cronjobs/bin/chkex.excludes -s balimi@ca.blm.gov
    ##
    ##  ... i.e., Sun through Thurs at 2AM
    ##
    ################################################################

    #==============================================================#
    #                                                              #
    #    S t a r t   o f   S i t e   S p e c i f i c   D a t a     #
    #                                                              #
    #==============================================================#


    # NOTE: This is the right-side of the email address that will be
    # used to generate email messages to the user accounts
    #
    # The code looks like -> ${USER}@${MAIL_DOMAIN}
    #
    MAIL_DOMAIN="sc.blm.gov"

    # Insert the HOSTNAME of the UNIX workstation that is generating
    # the mail message based on the environment variable hostname
    HOST=`hostname`

    # if there are NOTIFYDAYS or less before the pwd deadline, then send an email
    # in CA, we're using 3 days; your call...
    #
    NOTIFYDAYS=10

    #==============================================================#
    #                                                              #
    #      E n d   o f   S i t e   S p e c i f i c   D a t a       #
    #                                                              #
    #==============================================================#

    # tmp file to write summary info
    # (predictable name in /tmp, and the rm at the end of checkusers is commented out)
    OUTF="/tmp/pwdnotify.$$"

    # body of notification message; be careful about modifying this text
    #MSG_BODY="\n \nThis is a system generated message - no need to reply.\n \nYour UNIX password on { ' $HOST ' } is about to expire.\n \nDays left before expiration: "

    # subject line; no spaces here
    MSG_SUBJECT='Unix_password_expiration_notice'

    # seconds in one week
    ONEWEEK=604800

    # seconds in a day (24 * 60 * 60; the posted value 84600 was a transposition)
    ONEDAY=86400

    # the location of the utility programs for time conversions
    SEC2DATE="/olds/cronjobs/bin/sec2date"
    CURRSEC="/olds/cronjobs/bin/currsec"

    (( NOTIFYTIME = $ONEDAY * $NOTIFYDAYS ))
    i=0

    D_FLAG=0
    M_FLAG=0
    U_FLAG=0
    F_FLAG=0
    S_FLAG=0
    EXCLUSION=0
    OUTPUT=0
    # ------------------------------------------------------------
    # function definitions
    # ------------------------------------------------------------
    # print a line only when writing to stdout or in debug mode
    function printstr
    {
      if (( $OUTPUT || $D_FLAG ))
      then
        print "$1"
      fi
    }
    # -------------------------------
    # make sure both time-conversion helpers can be found
    function chk_progs
    {
      if ! whence "$SEC2DATE" > /dev/null
      then
        print "ERROR: can't find $SEC2DATE "
        return 1
      fi

      if ! whence "$CURRSEC" > /dev/null
      then
        print "ERROR: can't find $CURRSEC "
        return 1
      fi
    }
    # -------------------------------
    # echo the switches in effect (debug mode only)
    function show_flags
    {
      if (( $M_FLAG )); then
        print "Mail to be sent to user"
      fi

      if (( $U_FLAG )); then
        print "Only user $USER to be checked"
      fi

      if (( $F_FLAG )); then
        print "File $FLIST to be used for exclusion IDs"
      fi

      if (( $S_FLAG )); then
        print "Summary report to $MAILTO "
      fi

      if (( $D_FLAG )); then
        print "Debug Mode On "
      fi
    }
    # ------------------------------------------------------------
    function checkusers
    #
    {
      if chk_progs
      then

        if (( $U_FLAG ))
        then
          USERPOOL=$USER
        else
          USERPOOL=`cat /etc/passwd | sort | awk -F":" '{ print $1 }'`
        fi

        # get the default maxage (in weeks)
        DEFMAXAGE=`grep -p ^default /etc/security/user | grep maxage | \
                   awk '{print $3}'`

        # figure out the current time in seconds since the epoch
        CURRTIME=`$CURRSEC`

        for USER in $USERPOOL
        do
          EXCLUSION=0
          if (( $F_FLAG ))
          then
            # -x matches the whole line, so "bob" is not excluded by "bobby"
            if grep -x "$USER" "$FLIST" > /dev/null
            then
              printstr "\nFound user $USER in exclude list...skipping...\n"
              EXCLUSION=1
            fi
          fi

          if (( ! $EXCLUSION ))
          then

            (( i = i + 1 ))
            #echo "user: " $USER
            LASTUPDATE=`grep -p ^${USER}: /etc/security/passwd | \
                        grep lastupdate | awk '{print $3}'`
            #echo "FIRST lastupdate " $LASTUPDATE

            # only follow through for users that *have* a lastupdate
            if [[ -n $LASTUPDATE ]]
            then
              # see if this user overrides the default
              USERMAXAGE=`grep -p ^${USER}: /etc/security/user | \
                          grep maxage | awk '{print $3}'`
              if [[ -n $USERMAXAGE ]]
              then
                TRUEMAX=$USERMAXAGE
              else
                TRUEMAX=$DEFMAXAGE
              fi

              # maxage 0 (or unset) means the password never expires
              if [[ -z $TRUEMAX ]] || (( TRUEMAX == 0 ))
              then
                printstr "\t\t\t\t$USER has no password expiration (maxage unset or 0)"
                continue
              fi

              # the allowed time of password age, in seconds
              (( MAX_AGE_SECS = $TRUEMAX * ONEWEEK ))

              #echo "Last Update" $LASTUPDATE
              #echo "Max age secs" $MAX_AGE_SECS
              # the deadline for the password change
              (( DEADLINE = $LASTUPDATE + $MAX_AGE_SECS ))
              #echo "DONE"

              # this is the shrinking window of time
              (( WINDOW = DEADLINE - CURRTIME ))
              (( DAYSLEFT = WINDOW / ONEDAY ))

              # if WINDOW is less than NOTIFYTIME, then do something!!
              if (( WINDOW < NOTIFYTIME ))
              then
                if (( WINDOW < 0 ))
                then
                  (( EXPIREDTIME = $DAYSLEFT * -1 ))
                  printstr "\t\t\t\t\t\t\t\t\t$USER expired $EXPIREDTIME day(s) ago "
                else
                  if (( DAYSLEFT == 0 ))
                  then
                    DAYSLEFT="0 (less than 24 hours)"
                  fi

                  printstr "WARNING: $USER $DAYSLEFT day(s) left"
                  echo "NOTIFICATION: The AIX password for user: $USER will be expiring in $DAYSLEFT day(s)." >> $OUTF
                  if (( $M_FLAG ))
                  then
                    if (( $D_FLAG ))
                    then
                      printstr "\nDEBUG MODE: will _NOT_ send mail to $USER (days left: $DAYSLEFT ) \n "
                    else
                      # echo "send mail to user ???"
                      printstr "Sending mail notification to $USER (days left: $DAYSLEFT ) "
                      echo "\nThis is a system generated message - no need to reply.\n\
    The AIX password for account \"${USER}\" is about to expire.\n\
    Please logon to your UNIX workstation and use the \"passwd\" command or the script \"passmass4\" \n\
    to update your password before expiration.\n\n\
    Days left before expiration: ${DAYSLEFT}" | \
                        mail -s "Unix_password_expiration_notice_for_${USER}" "${USER}@${MAIL_DOMAIN}"
                    fi
                  else
                    printstr "User ${USER}'s password expires in $DAYSLEFT day(s)."
                  fi
                  sync
                fi
              else
                printstr "\t\t\t\t$USER has $DAYSLEFT day(s) left"
              fi
            else
              printstr "(null - pwd never set)\t $USER "
            fi
          fi
        done
      fi

      if (( $S_FLAG ))
      then
        mail -s pwd-notify-results "$MAILTO" < $OUTF
      fi
      #rm $OUTF

      printstr "\n\nDone. Checked $i users."
    }
    # ------------------------------------------------------------
    # start of main
    # ------------------------------------------------------------
    touch $OUTF
    if (( $# == 0 ))
    then
      OUTPUT=1
    fi
    printstr " "
    clear
    while getopts dmu:f:s: ARG 2> /dev/null
    do
      case $ARG in
        d) D_FLAG=1;;
        m) M_FLAG=1;;
        u) U_FLAG=1
           USER="$OPTARG";;
        f) F_FLAG=1
           FLIST="$OPTARG"
           if [[ ! -f $FLIST ]]
           then
             print "ERROR: cannot read file $FLIST"
             exit 1
           fi;;
        s) S_FLAG=1
           MAILTO="$OPTARG";;
        ?) print "\n\n\nUsage: \n $0 [ -d | -m ] [ -u UserID ] [ -f ExcludeFileName ] [ -s MailAddress ] \n\n\n"
           exit 1;;
      esac
    done

    # show all the flags if in debug mode
    if (( $D_FLAG ))
    then
      show_flags
    fi

    # if you are checking a single user, always send info to stdio
    if (( U_FLAG ))
    then
      OUTPUT=1
    fi
    checkusers


  3. Re: Find out when password expires?


    Thanks. I will take a look at this script.


    While stranded on information super highway prichard@blm.gov wrote:
    > With modification for your site this should work. YMMV


    --
    Hemant Shah

  4. Re: Find out when password expires?

    While stranded on information super highway Hemant Shah wrote:
    >
    > Thanks. I will take a look at this script.
    >
    >
    > While stranded on information super highway prichard@blm.gov wrote:
    >> With modification for your site this should work. YMMV
    >>
    >>



    I re-wrote the script in perl:


    ---------cut-------------cut-------------cut-------------cut----
    #!/usr/bin/perl -w

    # Number of seconds since epoch.
    $CurrentTimeInSecs = time();

    # Seconds in one week.
    $SecsInOneWeek = 604800;

    # Seconds in one day (24 * 60 * 60; the posted value 84600 was a transposition).
    $SecsInOneDay = 86400;

    # if there are NotifyDays or less before the pwd deadline, then send an email
    $NotifyDays = 10;
    $NotifyTimeInSecs = $NotifyDays * $SecsInOneDay;


    sub SendEmail($$)
    {
        my $UserName = shift;
        my $EMailBody = shift;

        my $EMailAddress = "$UserName\@xyz.com";

        # List-form pipe open: the address reaches sendmail as one argument
        # and is never interpreted by a shell.
        open(PIPE, "|-", "/usr/sbin/sendmail", $EMailAddress)
            or die "Cannot run sendmail: $!\n";
        print PIPE "From: root\n";
        print PIPE "Subject: Unix password expiration notice.\n";
        print PIPE "Cc: \n";
        print PIPE "\n";
        print PIPE "$EMailBody\n";
        close(PIPE);
    }

    ##############################################################################
    # Main program.
    ##############################################################################
    open(PASSWD, "</etc/passwd") or die "Cannot open /etc/passwd: $!\n";
    while (<PASSWD>)
    {
        ($UserName, $Junk, $UserId, $Junk) = split(/:/, $_);
        if ($UserId < 600 || $UserId > 999)
        {
            # Skip non "user" (employee) accounts.
            # next;
        }

        $LastUpdateInSecs = `/usr/sbin/lsuser -a lastupdate $UserName | cut -d'=' -f2`;
        chomp $LastUpdateInSecs;

        # lsuser returns only username if lastupdate is not set.
        if ($LastUpdateInSecs eq $UserName)
        {
            print "WARNING: Cannot get lastupdate for $UserName. No e-mail sent.\n";
            next;
        }
        $MaxAgeInWeeks = `/usr/sbin/lsuser -f $UserName | grep maxage | cut -d'=' -f2`;
        chomp $MaxAgeInWeeks;

        # I am guessing that lsuser also returns only username if maxage is not set.
        if ($MaxAgeInWeeks eq $UserName)
        {
            print "WARNING: Cannot get maxage for $UserName. No e-mail sent.\n";
            next;
        }

        if ($MaxAgeInWeeks == 0)
        {
            print "WARNING: maxage not set for $UserName. No e-mail sent.\n";
            next;
        }


        $MaxAgeInSecs = $MaxAgeInWeeks * $SecsInOneWeek;
        $DeadLineInSecs = $LastUpdateInSecs + $MaxAgeInSecs;
        $WindowInSecs = $DeadLineInSecs - $CurrentTimeInSecs;
        $DaysLeft = int($WindowInSecs / $SecsInOneDay);

        # Only accounts inside the notification window (or already expired)
        # get a message; everyone else is left alone.
        if ($WindowInSecs < $NotifyTimeInSecs)
        {
            if ($WindowInSecs < 0)
            {
                $DaysLeft = $DaysLeft * -1;
                $EMailBody = "Your AIX system password expired $DaysLeft days ago.
    Login into AIX system and change your password.
    ";
            }
            else
            {
                $EMailBody = "Your AIX system password will expire in $DaysLeft days.
    Login into AIX system and change your password.
    ";
            }

            # print "$UserName\n$EMailBody\n\n";
            SendEmail($UserName, $EMailBody);
        }

    }
    close(PASSWD);


    ---------cut-------------cut-------------cut-------------cut----
    --
    Hemant Shah
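
Both scripts in this thread compute the deadline as lastupdate plus maxage weeks. The same calculation follows as an added example (not code from either poster) in portable sh, reading constructed stand-ins for /etc/security/passwd and /etc/security/user. The function names, sample accounts and fixed "now" value are assumptions; stanza names are matched whole, and a maxage of 0 is reported as no expiry.

```shell
#!/bin/sh
# Added example: days until an AIX password expires, from stanza-format files.
WEEK=604800   # maxage is expressed in weeks
DAY=86400     # 24 * 60 * 60

# make_samples DIR: write constructed stand-ins for /etc/security/passwd
# and /etc/security/user into DIR (all values are made up).
make_samples() {
    cat > "$1/passwd" <<'EOF'
alice:
        password = CONSTRUCTED
        lastupdate = 1700000000

bob:
        password = CONSTRUCTED
        lastupdate = 1694000000

bobby:
        password = CONSTRUCTED
        lastupdate = 1699000000

carol:
        password = *
EOF
    cat > "$1/user" <<'EOF'
default:
        maxage = 13

alice:
        maxage = 4

bobby:
        maxage = 0
EOF
}

# stanza_names FILE: list stanza names in file order.
stanza_names() {
    awk '/^[^ \t*]/ && /:[ \t]*$/ { sub(/:[ \t]*$/, ""); print }' "$1"
}

# stanza_attr FILE STANZA ATTR: value of "ATTR = value" inside exactly that
# stanza (whole-name match, so "bob" never reads the "bobby" stanza).
stanza_attr() {
    awk -v want="$2" -v attr="$3" '
        /^[^ \t*]/ && /:[ \t]*$/ { cur = $0; sub(/:[ \t]*$/, "", cur); next }
        cur == want && $1 == attr && $2 == "=" { print $3; exit }
    ' "$1"
}

# password_days_left USER NOW PASSWD_FILE USER_FILE
# Prints never-set, no-expiry, expired, or the whole days remaining.
password_days_left() {
    last=$(stanza_attr "$3" "$1" lastupdate)
    [ -n "$last" ] || { echo never-set; return 0; }
    maxage=$(stanza_attr "$4" "$1" maxage)
    # fall back to the default stanza when the user has no override
    [ -n "$maxage" ] || maxage=$(stanza_attr "$4" default maxage)
    case $last in *[!0-9]*) echo bad-data; return 1 ;; esac
    case $maxage in ''|*[!0-9]*) echo bad-data; return 1 ;; esac
    [ "$maxage" -ne 0 ] || { echo no-expiry; return 0; }
    secs=$(( last + maxage * WEEK - $2 ))
    if [ "$secs" -lt 0 ]; then echo expired; else echo $(( secs / DAY )); fi
}

# report NOW NOTIFY_DAYS PASSWD_FILE USER_FILE: accounts that need a notice.
report() {
    for u in $(stanza_names "$3"); do
        d=$(password_days_left "$u" "$1" "$3" "$4") || continue
        case $d in
            never-set|no-expiry) ;;
            expired) echo "$u expired" ;;
            *) if [ "$d" -le "$2" ]; then echo "$u $d"; fi ;;
        esac
    done
    return 0
}

# Demo with a fixed "now" so the output is reproducible.
tmp=$(mktemp -d) && make_samples "$tmp"
report 1702000000 7 "$tmp/passwd" "$tmp/user"
rm -rf "$tmp"
```

On a real system the two file arguments would be /etc/security/passwd and /etc/security/user, read as root, with `date +%s` or an equivalent supplying the current time.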
