https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076586#M439664 closig with the current informations. Thanks to all. Sun, 18 Nov 2007 19:22:01 GMT skt_skt 2007-11-18T19:22:01Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076573#M439651 I need help finding a way to search for disabled account in linux Fri, 26 Oct 2007 15:27:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076573#M439651 skt_skt 2007-10-26T15:27:30Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076574#M439652 disabled/deactivated.. Fri, 26 Oct 2007 15:28:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076574#M439652 skt_skt 2007-10-26T15:28:28Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076575#M439653 Run a 'passwd -Sa' (that is a capital S and a lowercase a) and look for accounts that have an 'LK' in the 2nd column. Those accounts are locked. Fri, 26 Oct 2007 15:41:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076575#M439653 Patrick Wallek 2007-10-26T15:41:24Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076576#M439654 Patrick...you missed the "in linux" part<BR />he's got 2 posts in the Linux forums as well. Fri, 26 Oct 2007 15:56:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076576#M439654 OldSchool 2007-10-26T15:56:58Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076577#M439655 Umm...No I didn't miss the "Linux" part.<BR /><BR />I ran the "passwd -Sa" on my SuSE Linux Enterprise Server 10 machine and it works great.<BR /><BR />Now since he didn't mention WHICH LINUX, I can't be responsible if what works on my SLES box doesn't work on his "other Linux flavor" box.<BR /><BR /> Fri, 26 Oct 2007 16:16:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076577#M439655 Patrick Wallek 2007-10-26T16:16:59Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076578#M439656 let me be clear; i am looking for an answer in HP-UX since it is an HP-UX forum. I have a separate question in linux.(i forgot to remove "linux" filed while posting the similar question in HP-UX forum).<BR /><BR />[/root] /usr/lbin/getprpw kumarts<BR />uid=19806, bootpw=NO, audid=2351, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Mon Oct 15 15:17:03 2007, upwchg=Fri Sep 7 15:53:26 2007, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Oct 26 19:18:49 2007, ulogint=Fri Oct 26 09:05:52 2007, sloginy=tty, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000<BR /><BR />the value lockout=0000000 tells me the account is NOT locked.<BR /><BR />May be i am confused with account deactivated and locked. is there a diffrence between deactivated and locked state.<BR /><BR />My intention is to delete the deactivated accounts. But i DONT want the accounts to be deleted whihc are locked (example due to 5 login failures; a needed account can be in locked state at that point of time).<BR /><BR />So i want to identify only deactivated accounts?<BR /><BR />here my concern i see some of the accounts are in deactivated state but they are still in use/can be used.This i observed for set of ftp accounts and thier properties are below.(Please note that this accounts was recreated recently as the account was deleted assuming not in use/deactivated; so you can see new dates for spwchg,slogint now)<BR /><BR />/usr/lbin/getprpw amsboa01<BR />uid=154, bootpw=NO, audid=2740, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Oct 25 09:05:39 2007, upwchg=-1, acctexp=-1, llog=0, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Oct 25 08:43:26 2007, ulogint=-1, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000<BR /><BR /><BR />did i get that correct(accounts are in deactivated state but they are still in use)?if that is correct/incorrect , how we can explain that scenario?<BR /> Fri, 26 Oct 2007 18:43:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076578#M439656 skt_skt 2007-10-26T18:43:57Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076579#M439657 If you are on HP-UX 11.11 or higher then do a 'man getprpw' and look for the "lockout" section. There you will see what each position of the 'lockout=0000000' means. Each position mean a different thing. <BR /><BR />The bottom line though is if ANY position has a '1' in it, then the user can't login. Fri, 26 Oct 2007 20:04:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076579#M439657 Patrick Wallek 2007-10-26T20:04:01Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076580#M439658 WWhy don't you check in /etc/passwd file.The entries having * for there passwd field are the disabled ones.<BR /> Fri, 26 Oct 2007 23:06:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076580#M439658 Sachin Rajput 2007-10-26T23:06:38Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076581#M439659 i know about this 7 bits.<BR /><BR />REASON[1]="past password lifetime" <BR />REASON[2]="past last login time" <BR />REASON[3]="past absolute account lifetime" <BR />REASON[4]="exceeding unsuccessful login attempts" <BR />REASON[5]="password required and a null password" <BR />REASON[6]="admin lock" <BR />REASON[7]="password is a *" <BR /><BR />So did u mean if the account is locked(one of the bits is one) the account is in "deactivated" state? Sat, 27 Oct 2007 20:13:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076581#M439659 skt_skt 2007-10-27T20:13:59Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076582#M439660 You said: "So did u mean if the account is locked(one of the bits is one) the account is in "deactivated" state?"<BR /><BR />If there is a '1' in ANY position in the lockout string, then the user CANNOT login. Whether you call that locked, disabled or deactivated is entirely up to you. Sat, 27 Oct 2007 21:46:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076582#M439660 Patrick Wallek 2007-10-27T21:46:35Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076583#M439661 Note to Sachin Rajput:<BR /><BR />You said: " WWhy don't you check in /etc/passwd file.The entries having * for there passwd field are the disabled ones."<BR /><BR />Since Santhosh asked about the output of the getprpw command, specifically the "lockout" value, that indicated that this system is set up as a TRUSTED system. If you review how a trusted system works, you will discover that ALL account have a '*' in the passwd field in the /etc/passwd file. That is because the password is NOT actually stored there. The passwords are stored in the /tcb/files/auth/* directory structure. <BR /><BR />In this case the '*' does NOT indicate the account is disabled.<BR /> Sat, 27 Oct 2007 21:50:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076583#M439661 Patrick Wallek 2007-10-27T21:50:05Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076584#M439662 awk -F: '{print $1}|while read list<BR />do<BR />/usr/lbin/getprpw -m lockout $list|awk -F= '$2 != "0000000" {print "DEACTIVATED"}'<BR />done<BR /><BR />Add your own tweaks as needed.<BR /> Mon, 29 Oct 2007 11:04:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076584#M439662 Tim Nelson 2007-10-29T11:04:19Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076585#M439663 ooops.<BR /><BR />awk -F: '{print $1} /etc/passwd|while read list<BR />do<BR />/usr/lbin/getprpw -m lockout $list|awk -F= '$2 != "0000000" {print "DEACTIVATED"}'<BR />done<BR /> Mon, 29 Oct 2007 11:15:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076585#M439663 Tim Nelson 2007-10-29T11:15:41Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076586#M439664 closig with the current informations. Thanks to all. Sun, 18 Nov 2007 19:22:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076586#M439664 skt_skt 2007-11-18T19:22:01Z https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076587#M439665 closig with the current informations. Thanks to all. Sun, 18 Nov 2007 19:22:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/i-need-help-finding-a-way-to-search-for-disabled-account/m-p/5076587#M439665 skt_skt 2007-11-18T19:22:19Z