Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Finding the expiration details for an account - How to without using X windows.?

Stuart Green
Frequent Advisor

Finding the expiration details for an account - How to without using X windows.?

How can I find out what the expiration frequency of an account is. ie Password lifetime etc.

I might answer my own question here, but wouldn't mind any comment or confirmation on my theory behind what I believe may be the correct procedure to find this out.

Now when I perform:
edauth -g freddie

the following fields are returned with values:-

u_name, u_id, u_pwd, u_succhg, u_unsucchg, u_pwchanger, u_pwdict, u_oldcrypt, u_suclog, u_suctty, u_unsuctty, u_unsuclog, u_lock@

I believe the information in these fields is not enough to answer my initial query, so my assumption that the system security default settings are applied to this user as they are not specified within this users settings.


So if I were to look at /etc/auth/system/default

and pick out the line:
:u_maxlen#20:u_exp#7776000:u_life#432000000:u_pickpw:\

perform the conversion
# /usr/bin/perl -e "print scalar localtime(7776000)"
Wed Apr 1 00:00:00 1970

From this could I assume then that the answer to this example is that the time between password changes are 3 months = 90 days.

Is this assumption correct?

Await your response, thanks.
2 REPLIES
Victor Semaska_3
Esteemed Contributor

Re: Finding the expiration details for an account - How to without using X windows.?

Stuart,

Sounds right to me. If a field isn't changed from the default value then that field won't be in the user's record, you have to look at the default record. You get get the record with '# edauth -g -dd'.

As for the time itself. Another way to look at it is there's 86,400 seconds in a day so 7776000/86400=90 days.

Did you notice your default password liftime is 5000 days! 432000000/86400=5000.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
Ivan Ferreira
Honored Contributor

Re: Finding the expiration details for an account - How to without using X windows.?

u_exp is the time in seconds, so:

7776000/3600=2160 hours
2160/24=90 days


See also, man prpasswd
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?