topic password aging using a script in Operating System - HP-UX

password aging using a script

wvsa — Mon, 14 May 2001 19:08:02 GMT

Greetings, looking for a script (or script pointers) to enable password aging. In the script I would like to set the min time between password aging to 2 and the max time between password aging to 12. Thankyou for your help(s)!

Re: password aging using a script

Jim Moffitt_1 — Mon, 14 May 2001 19:30:23 GMT

You can use SAM to accomplish this. Modify the users account and go into the password options and there is an aging option. This might be the easiest way to go. But if you really want to do aging by a script, set one user up for aging and look at the sam log. This should give you the commands to set up agin.

Re: password aging using a script

Kevin Wright — Mon, 14 May 2001 19:34:59 GMT

sbin/cat /etc/passwd | awk -F: '{print $1}'> /tmp/pass2change

for user in `/sbin/cat /tmp/pass2change`
do
/sbin/passwd -f -x 42 -n 35 $user
echo "changing expiration time for $user to 45 days"
done
rm /tmp/pass2change
-f is force at next login
-x is max days before have to change
-n is max days between changes
see man passwd for other options

Re: password aging using a script

A. Clay Stephenson — Mon, 14 May 2001 19:37:31 GMT

Hi,
I had a shell script which invokes an awk script which was already very close; I modified it for your values and also it does not alter passwd's for users with uid < MIN_UID. You will need to set that value. NOTE: the actual passwd call is commented out so that you can test first. Please see the attachment.

Enjoy, Clay

Re: password aging using a script

A. Clay Stephenson — Mon, 14 May 2001 19:42:06 GMT

Sorry guys,
One small change.
Change the line passwd -x ${PW_MAX} -n ${PW_MIN}
to passwd -x ${PW_MAX} -n ${PW_MIN} ${X}

I left off the user from the command

Clay

Re: password aging using a script

Jim Moffitt_1 — Mon, 14 May 2001 19:53:06 GMT

I stand corrected. Kevin and Clay, great scripts! You learn something new here everyday.

Re: password aging using a script

Nick Wickens — Tue, 15 May 2001 08:27:04 GMT

I had to do a similar task last week - We had discovered that our Informix database was kicking people out of the database mid login with password ageing turned on so I created a script to force the password expiry in the early hours if the password was due to expire that day. You may find some bits of this useful ?

LOGFILE=/tmp/check_passwd_log.$$
EXPIRE=30
TODAY=$(date +%.1j)
YEAR=$(date +%E)
function NOPASS {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password already awaiting update by user" >> $LOGFILE
}
function NOCHNG {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password last changed $LYEXP days ago - No action" >> $LOGFILE
}
function EXPPASS {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password last changed $LYEXP days ago - Forcing change" >> $LOGFILE
echo "passwd -f $USER" >> $LOGFILE
passwd -f $USER
}
# Exclude some users from change (alternate procedure in place)
for USER in $(cut -d":" -f1 /etc/passwd | egrep -v '(root|informix)')
do
EXPYEAR=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f5)
EXPMONTH=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f2)
EXPDAY=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f3)
case $EXPMONTH in
Jan) EXPM=0;;
Feb) EXPM=31;;
Mar) EXPM=58;;
Apr) EXPM=89;;
May) EXPM=119;;
Jun) EXPM=150;;
Jul) EXPM=180;;
Aug) EXPM=211;;
Sep) EXPM=242;;
Oct) EXPM=272;;
Nov) EXPM=303;;
Dec) EXPM=333;;
*) echo $EXPMONTH invalid;exit;;
esac
if [ $EXPYEAR = "1970" ]
then
NOPASS
continue
fi
integer x=$EXPM y=$EXPDAY z=$EXPIRE
let EXP=x+y
if [ $EXPYEAR -lt $YEAR ]
then
# Action to perform if last update was in previous year
let LYEXP=365-$EXP+$TODAY
if [ $LYEXP -ge $EXPIRE ]
then
EXPPASS
else
NOCHNG
fi
else
# Action to perform if last update was in current year
let LYEXP=$TODAY-$EXP
if [ $LYEXP -ge $EXPIRE ]