Password aging information

Password aging information

Post by zamar » Thu, 13 May 2004 21:25:07



Hi,

Please help me out in writing a shell script which can pop-up a user
when he logs on / his account is about required a password change,
similar when we logon to windows is shows us a message "You are
required to change the password within x days"

I am not getting the logic to build a script which can generate the
password aging info for all users present on sun boxes.

ex:

PS 030195 10 7 -1

Rgds,
zamaron

 
 
 

Password aging information

Post by Davide Bianch » Thu, 13 May 2004 21:42:39



Quote:> Please help me out in writing a shell script which can pop-up a user

If you are using password aging the user should be automatically
warned about the password expiration when he/she logs in. No script
is necessary.

Quote:> I am not getting the logic to build a script which can generate the
> password aging info for all users present on sun boxes.

man shadow should do the trick

Davide

--
| Experience varies directly with equipment ruined.
|
|
|

 
 
 

Password aging information

Post by K7ME » Fri, 14 May 2004 05:54:54



> Hi,

> Please help me out in writing a shell script which can pop-up a user
> when he logs on / his account is about required a password change,
> similar when we logon to windows is shows us a message "You are
> required to change the password within x days"

> I am not getting the logic to build a script which can generate the
> password aging info for all users present on sun boxes.

> ex:

> PS 030195 10 7 -1

> Rgds,
> zamaron

We needed a custom script to do something similar. Ours is a perl script
that uses third field in the shadow file to tell us when the users
password was changed last. We place a 65 day limit on a users password.
At 55 days we start sending the user email notifying them that their
password is going to expire. If they do not change the password befor
the expiration date their login shell is changed and they will not be
able to log in. Once that happens they need to call the help desk to get
their password reset.

There are several companion scripts that monitor changes in the password
file and CGI web pages that allow us to scan the user accounts and see
who is about to expire and who isn't.

We have had our script in place for 3 or 4 years now and it's working
just fine. We also have a screen lock policy. Most everyone on Unix uses
CDE so we have another script that goes into a users .dt directory and
sets his screen lock and lock time. This also works very well.

--
Martin E. Meserve

 
 
 

Password aging information

Post by zamar » Fri, 14 May 2004 19:04:26


Where can I find the perl script which had helped you?


> > Hi,

> > Please help me out in writing a shell script which can pop-up a user
> > when he logs on / his account is about required a password change,
> > similar when we logon to windows is shows us a message "You are
> > required to change the password within x days"

> > I am not getting the logic to build a script which can generate the
> > password aging info for all users present on sun boxes.

> > ex:

> > PS 030195 10 7 -1

> > Rgds,
> > zamaron

> We needed a custom script to do something similar. Ours is a perl script
> that uses third field in the shadow file to tell us when the users
> password was changed last. We place a 65 day limit on a users password.
> At 55 days we start sending the user email notifying them that their
> password is going to expire. If they do not change the password befor
> the expiration date their login shell is changed and they will not be
> able to log in. Once that happens they need to call the help desk to get
> their password reset.

> There are several companion scripts that monitor changes in the password
> file and CGI web pages that allow us to scan the user accounts and see
> who is about to expire and who isn't.

> We have had our script in place for 3 or 4 years now and it's working
> just fine. We also have a screen lock policy. Most everyone on Unix uses
> CDE so we have another script that goes into a users .dt directory and
> sets his screen lock and lock time. This also works very well.

 
 
 

Password aging information

Post by APA » Sat, 15 May 2004 11:16:08


The way we did it at my job before coming to sun was to have the
passwdord and shadow files under RCS. They would generally be left open
for write and just before midnight each night cron would do a check in,
check out. That would give us a way of going back to a passwd file N
days old and comparing individual encrypted passwords. The nice thing
with doing it this way is that it works in a NIS environment, and
doesn't really impact the existing infrastructure.

alan.


> Where can I find the perl script which had helped you?



>>>Hi,

>>>Please help me out in writing a shell script which can pop-up a user
>>>when he logs on / his account is about required a password change,
>>>similar when we logon to windows is shows us a message "You are
>>>required to change the password within x days"

>>>I am not getting the logic to build a script which can generate the
>>>password aging info for all users present on sun boxes.

>>>ex:

>>>PS 030195 10 7 -1

>>>Rgds,
>>>zamaron

>>We needed a custom script to do something similar. Ours is a perl script
>>that uses third field in the shadow file to tell us when the users
>>password was changed last. We place a 65 day limit on a users password.
>>At 55 days we start sending the user email notifying them that their
>>password is going to expire. If they do not change the password befor
>>the expiration date their login shell is changed and they will not be
>>able to log in. Once that happens they need to call the help desk to get
>>their password reset.

>>There are several companion scripts that monitor changes in the password
>>file and CGI web pages that allow us to scan the user accounts and see
>>who is about to expire and who isn't.

>>We have had our script in place for 3 or 4 years now and it's working
>>just fine. We also have a screen lock policy. Most everyone on Unix uses
>>CDE so we have another script that goes into a users .dt directory and
>>sets his screen lock and lock time. This also works very well.