Unix administration - Password aging information

zamaron

2004-05-12, 8:46 am

Hi,

Please help me out in writing a shell script which can pop-up a user
when he logs on / his account is about to require a password change,
similar to when we log on to Windows and it shows us a message "You are
required to change the password within x days"

I am not getting the logic to build a script which can generate the
password aging info for all users present on Sun boxes.

ex:

PS 030195 10 7 -1

Rgds,
zamaron

Davide Bianchi

2004-05-12, 8:46 am

In comp.unix.admin zamaron <zamaron2003@netzero.com> wrote:
> Please help me out in writing a shell script which can pop-up a user


If you are using password aging the user should be automatically
warned about the password expiration when he/she logs in. No script
is necessary.

> I am not getting the logic to build a script which can generate the
> password aging info for all users present on Sun boxes.


man shadow should do the trick

Davide

--
| Experience varies directly with equipment ruined.

K7MEM

2004-05-12, 4:58 pm



zamaron wrote:
> Hi,
>
> Please help me out in writing a shell script which can pop-up a user
> when he logs on / his account is about to require a password change,
> similar to when we log on to Windows and it shows us a message "You are
> required to change the password within x days"
>
> I am not getting the logic to build a script which can generate the
> password aging info for all users present on Sun boxes.
>
> ex:
>
> PS 030195 10 7 -1
>
> Rgds,
> zamaron


We needed a custom script to do something similar. Ours is a PERL script
that uses the third field in the shadow file to tell us when the user's
password was changed last. We place a 65 day limit on a user's password.
At 55 days we start sending the user email notifying them that their
password is going to expire. If they do not change the password before
the expiration date their login shell is changed and they will not be
able to log in. Once that happens they need to call the help desk to get
their password reset.

There are several companion scripts that monitor changes in the password
file and CGI web pages that allow us to scan the user accounts and see
who is about to expire and who isn't.

We have had our script in place for 3 or 4 years now and it's working
just fine. We also have a screen lock policy. Most everyone on Unix uses
CDE so we have another script that goes into a user's .dt directory and
sets his screen lock and lock time. This also works very well.

--
Martin E. Meserve
k7mem@myrealbox.com
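
The check described in the post above (password age taken from the third field of the shadow file, notify at 55 days, expire at 65), as an added shell example; it is not the Perl script from the post, and the function names, sample accounts and the fixed day number 12550 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify accounts by password age using field 3 of
# shadow-format lines (days since 1970-01-01 of the last password change).
# The 55/65-day thresholds come from the post; all names here are assumed.

WARN_DAYS=55     # start notifying the user at this age
LIMIT_DAYS=65    # password is treated as expired at this age

# today_days: current date as whole days since the epoch.
# Note: date +%s is not POSIX; where it is missing, pass the day number in.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# aging_report TODAY < shadow-format-lines
# Prints "user age status"; status is ok, warn, expired or unknown.
aging_report() {
    awk -F: -v today="$1" -v warn="$WARN_DAYS" -v limit="$LIMIT_DAYS" '
        /^#/ || NF < 3 { next }            # skip comments and short lines
        $3 !~ /^[0-9]+$/ {                 # no last-change date recorded
            print $1, "-", "unknown"; next
        }
        {
            age = today - $3
            if (age >= limit)     status = "expired"
            else if (age >= warn) status = "warn"
            else                  status = "ok"
            print $1, age, status
        }'
}

# Constructed sample entries (not real accounts); HASH is a placeholder.
SAMPLE='alice:HASH:12540::::::
bob:HASH:12490::::::
carol:HASH:12470::::::
svc:*LK*:::::::'

# Demo with a fixed "today" (day 12550 = 2004-05-12) so output is stable.
sample_report() {
    printf '%s\n' "$SAMPLE" | aging_report 12550
}

sample_report
```

On a live system the report would be run as root with `aging_report "$(today_days)" < /etc/shadow`, and the `warn` and `expired` lines fed to whatever sends the notification mail.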

zamaron

2004-05-13, 6:36 am

Where can I find the PERL script which had helped you?

K7MEM <k7mem@myrealbox.com> wrote in message news:<40A28F1E.7070205@myrealbox.com>...
> zamaron wrote:
>
> We needed a custom script to do something similar. Ours is a PERL script
> that uses the third field in the shadow file to tell us when the user's
> password was changed last. We place a 65 day limit on a user's password.
> At 55 days we start sending the user email notifying them that their
> password is going to expire. If they do not change the password before
> the expiration date their login shell is changed and they will not be
> able to log in. Once that happens they need to call the help desk to get
> their password reset.
>
> There are several companion scripts that monitor changes in the password
> file and CGI web pages that allow us to scan the user accounts and see
> who is about to expire and who isn't.
>
> We have had our script in place for 3 or 4 years now and it's working
> just fine. We also have a screen lock policy. Most everyone on Unix uses
> CDE so we have another script that goes into a user's .dt directory and
> sets his screen lock and lock time. This also works very well.

Alan Hargreaves - Product Technical Support (A

2004-05-13, 10:33 pm

The way we did it at my job before coming to Sun was to have the
password and shadow files under RCS. They would generally be left open
for write and just before midnight each night cron would do a check in,
check out. That would give us a way of going back to a passwd file N
days old and comparing individual encrypted passwords. The nice thing
with doing it this way is that it works in a NIS environment, and
doesn't really impact the existing infrastructure.

alan.

zamaron wrote:
> Where can I find the PERL script which had helped you?
>
> K7MEM <k7mem@myrealbox.com> wrote in message news:<40A28F1E.7070205@myrealbox.com>...
>