cancel
Showing results for 
Search instead for 
Did you mean: 

pw_age field using getpwnam

SOLVED
Go to solution
Alex Feng
Advisor

pw_age field using getpwnam

Hi everybody,

I am using HPUX 11.11

I have been looking at the pw_age field of the login record (struct passwd) using getpwname and experienting with aging. The pw_age field (which can be seen
in the /etc/passwd) can changes anywhere from "B/PT", "//bT", "0/aT", "0/dT",...etc depending on how many days I set the password to expire.

Is there a way to determine what these values mean? I have a request from a user to determine from these values when their password is expired. Is there a better way to find out if a password has expired?

Thanks.
12 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: pw_age field using getpwnam

Hi Alex:

See:

http://www.docs.hp.com/en/B3921-60631/passwd.4.html

...under "Password Field".

Regards!

...JRF...
Alex Feng
Advisor

Re: pw_age field using getpwnam

Hi James or whomever else may know,

I have been experimenting with the following commands

Command: passwd -f -n 1 -x 91 fms
Aging Value: B/PT

Command: passwd -f -n 1 -x 1 fms
Aging Value: //bT

Command: passwd -f -n 1 -x 2 fms
Aging Value: //bT

Command: passwd -f -n 1 -x 10 fms
Aging Value: 0/aT

Command: passwd -f -n 1 -x 15 fms
Aging Value: 1/ZT


In all these instances the users are forced to change their password right-a-way.

But According to the documentation (if m = M = 0, derived from . or ..) then it's supposed to mean expired.

So how can I tell if the user wants to also right-a-way expire the password as well?
James R. Ferguson
Acclaimed Contributor

Re: pw_age field using getpwnam

Hi (again):

> In all these instances the users are forced to change their password right-a-way.

Using the '-f' option forces immediate expiration. See the 'passwd(1)' manpages for the details:

http://www.docs.hp.com/en/B3921-60631/passwd.1.html

Regards!

...JRF...
Alex Feng
Advisor

Re: pw_age field using getpwnam

The documentation says the last 2 characters are for the aging.

For example "B/PT", the P is supposed to represent "27". So does that mean 27 weeks since the last password change?

What does the "T" mean if it means anything at all?

Unfortunately the documentation is a little brief on how to interpet these last 2 characters.
Hein van den Heuvel
Honored Contributor

Re: pw_age field using getpwnam

Well, it seems to be a funky base-64 notation.

So you have to multiply the value for the first char by 64 and then add the value for the second.

Here is an example in perl, how to print the 'weeks' value for a character:

perl -le 'foreach (q(.),q(/),0..9,A..Z,a..z) {$x{$_}=$i++}; print $x{(shift)}'


And here is that example expanded to tage 2 characters as (seperate) arguments, figure out the weeks and from there the time:

perl -le 'foreach (q(.),q(/),0..9,A..Z,a..z) {$x{$_}=$i++}; print scalar localtime(7*86400*(64*$x{(shift)}+$x{(shift)}))' T P

.... Wed Jul 16 20:00:00 2008

or if I have those reversed

.... Wed Sep 17 20:00:00 2003

enjoy,
Hein.

Alex Feng
Advisor

Re: pw_age field using getpwnam

Hein,

Thanks for your reply. For this one:

perl -le 'foreach (q(.),q(/),0..9,A..Z,a..z) {$x{$_}=$i++}; print scalar localtime(7*86400*(64*$x{(shift)}+$x{(shift)}))' T P

Where does the 86400 and 7 come from and how did they, when multipled by the aging characters give the date?

Something to do with the based date of 1970 they mentioned in the documentation?

- Alex
Hein van den Heuvel
Honored Contributor
Solution

Re: pw_age field using getpwnam

>> Where does the 86400 and 7 come from and ?

86400 = 24 * 60 * 60 = the number of seconds in an average day.

7 = then number of days in a week :-)

>> how did they, when multipled by the aging characters give the date?
Something to do with the based date of 1970 they mentioned in the documentation?

Yes.

When multiplied with the number of weeks since the beginning of (unix) time, they become to be the number of seconds since 'the beginning of time'... which 'time()' as a scalar happily formats.



Dennis Handly
Acclaimed Contributor

Re: pw_age field using getpwnam

Attached is a C source (passwd_expires.c) I wrote to print the expiration date.
$ passwd_expires 1/ZT
Max weeks to expire: 3
Min weeks to reset: 1
Weeks since 1970: 2021
Password was reset on: Wed Sep 24 17:00:00 2008
Password expires on: Wed Oct 15 17:00:00 2008
Alex Feng
Advisor

Re: pw_age field using getpwnam

Hein and Dennis thanks for making it clear for me. The C code really helps, since I don't do too much Perl coding.
TTr
Honored Contributor

Re: pw_age field using getpwnam

Alex,

The very first reply from JRF contains the URL that has exactly the explanation that you were asking. If only you had read it carefully...


The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2 through 11, A through Z for 12 through 37, and a through z for 38 through 63.
...
The first character of the age, M, denotes the maximum number...
If m = M = 0 (derived from the string . or ..), the user is forced to change...

Dennis,Hein thanks for the code. I have been using a shell script I wrote with 64 variables in it to make the conversion.

Alex Feng
Advisor

Re: pw_age field using getpwnam

Ok
Dennis Handly
Acclaimed Contributor

Re: pw_age field using getpwnam

>TTr: If only you had read it carefully.

There is a big difference between words and an actual program. See my comments in mine.
I don't see anywhere in passwd(4) where it explains my comment:
k = mapped[3] * 64 + mapped[2]; /* swapped order? */
And Hein's comment: or if I have those reversed