- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Creating a banner telling user that their password...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 01:11 PM
тАО06-08-2006 01:11 PM
Creating a banner telling user that their password is about to expire.
My password warning that it is about to expire comes up -
f004603:/root >ssh test@ovo12
Password:
Last successful login for test: Fri Jun 9 10:59:30 EST-10EDT 2006
Last unsuccessful login for test: Thu Jun 8 17:04:49 EST-10EDT 2006
Your password will expire on Fri Jun 9 17:41:39 EST-10EDT 2006
Last login: Fri Jun 9 10:59:30 2006 from f004603.ent.fox
This Server is licenced by HP and others.
To view the entire copyright notice, use cat/etc/copyright.orig
I've edited the /etc/copyright file (permission from HP) and I have inserted a sleep 10 in the /etc/profile so the last successful, last unsuccessful logins appear. Teh next line is the warning that the users password is about to expire.
I'd like to somehow grep a file and put it in a banner, much like windows when it pops up a dialogue box to warn you that your password is about to expire. Or I'd like to put a few new lines so that one line for the warning stands out a bit.
Any ideas would be much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 01:50 PM
тАО06-08-2006 01:50 PM
Re: Creating a banner telling user that their password is about to expire.
banner "Happy Birthday Brendon!"
http://docs.hp.com/en/B2355-60103/banner.1.html
'telnetd' daemon has the -b (banner) option. Use inetd -c after this.
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b /etc/issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 04:05 PM
тАО06-08-2006 04:05 PM
Re: Creating a banner telling user that their password is about to expire.
/usr/bin/passwd -s
to see the date of last change & the max number of days between changes. Then with some scripting you can compared that information to the current date, and print your own warning.
You can put all that at the end of the /etc/profile, and then you wouldn't have to worry too much about /etc/copyright.
Now, the only thing I don't know is if regular users can do passwd -s on a trusted system. They should be able to view their own info, but I don't have a trusted system to try this out.
If you need help with date math, search the forums for A. Clay Stephenson's date math script.
Hope this helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 04:52 PM
тАО06-08-2006 04:52 PM
Re: Creating a banner telling user that their password is about to expire.
Is there a file where the Last Login and Unsuccessful login is for a user ?? ideally this would have an extra line regarding the password expiration.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 05:26 PM
тАО06-08-2006 05:26 PM
Re: Creating a banner telling user that their password is about to expire.
last - last successful logins
lastb - for bad logins
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 05:41 PM
тАО06-08-2006 05:41 PM
Re: Creating a banner telling user that their password is about to expire.
Is there a file where the Last Login and Unsuccessful login is for a user ?? ideally this would have an extra line regarding the password expiration.
----------------------------------
/var/adm/wtmp login for all the users
/var/adm/btmp bad logins
--------------
/var/adm/sulog
/var/adm/adm/shoutdownlog
/etc/utmp
----------------------------------
all this files contains usefull info.
commands:
try:
last--logins
lastb --bad logins
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 05:54 PM
тАО06-08-2006 05:54 PM
Re: Creating a banner telling user that their password is about to expire.
ie /tcb/files/auth/t/test. In this file I find the following;
test:u_name=test:u_id#111:\
:u_pwd=Blah Blah:\
:u_auditid#23:\
:u_auditflag#1:\
:u_succhg#1149666099:u_suclog#1149830894:u_unsuclog#1149829316:u_lock@:\
:chkent:
There's no line saying when a warning will appear that the users password will need to be changed.
Can anyone help out there ??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2006 06:28 PM
тАО06-08-2006 06:28 PM
Re: Creating a banner telling user that their password is about to expire.
Last successful login for test: Fri Jun 9 10:59:30 EST-10EDT 2006
Last unsuccessful login for test: Thu Jun 8 17:04:49 EST-10EDT 2006
Your password will expire on Fri Jun 9 17:41:39 EST-10EDT 2006
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-09-2006 01:27 AM
тАО06-09-2006 01:27 AM
Re: Creating a banner telling user that their password is about to expire.
...jcd...
DOCUMENT
A common question on trusted systems with password aging enabled is to list the time left until user's passwords expire.
The following script lists the number of days left until the password expires, the date it expires and the last time it was changed.
If the password is about to expire within the next day, it can reset the last change time.
The script checks if system wide password aging is enabled, and if password aging for each user is enabled.
It uses a C program called 'time' to obtain the current time.
NOTE: The script does not work for NIS+ users.
NOTE: This script is not supported by HP. Use at your own risk.
To use the script:
# cd /tmp
# cc -otime time.c
# chmod 755 time
# chmod 755 user_expire.sh
Example output with password aging enabled:
# user_expire.sh
System wide password aging is enabled.
User user1: password will expire within one day.
User user2 has 181 days left until password expires User user2 last changed the password on: Mon Dec 16 12:53:01 2002.
User user2 - password will expire on: 2003 Jun 16.
time.c
======
#include
main()
{
printf("%ld\n",time(NULL));
}
user_expire.sh
==============
#!/usr/bin/sh
# Show users in a trusted system whose passwords are about to expire # Reset the u_succhg (spwchg) last successful password change time
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
integer exp_time
integer exp_date
integer current_time
integer last_change
integer time_left
integer days_left
integer seconds_per_day=86400
integer system_wide_aging
integer user_aging
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi
if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi
system_wide_aging=$(/usr/lbin/getprdef -r -m exptm) if [ $system_wide_aging -eq 0 ] then
print "System wide password aging is disabled.\n"
else
print "System wide password aging is enabled.\n"
fi
for USER in $(listusers | awk '{print $1}') do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi
U=$(echo $USER|cut -c 1)
exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(./time)
passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi
last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )
((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))
last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb | cut -c 3-13)
if [ $days_left -gt 1 ]
then
print "\nUser $USER has $days_left days left until password expires"
print "User $USER last changed the password on: $last_change_date."
print "User $USER - password will expire on: $expire_date."
else
print "\nUser $USER: password will expire within one day."
# modprpw -l -v $USER
fi
done
exit 0
Note: If the system has PERL installed, the script can use PERL instead of
the 'time' C program. In that case change the line
current_time=$(./time)
to
current_time=$(/opt/perl/bin/perl -e "print time")
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-09-2006 09:00 AM
тАО06-09-2006 09:00 AM
Re: Creating a banner telling user that their password is about to expire.
I did some searching, and apparently if /usr/bin/passwd -s doesn't return a password date & expiration time, then most likely password aging is disabled.
Judging by the script that was posted here, the way you check password aging is with the following commands:
# Check system wide password aging
/usr/lbin/getprdef -m exptm
# Check per user password aging
/usr/lbin/getprpw -m exptm testuser
If you get back an output that looks something like 'exptm=30', then password aging is enabled. If not, then you'll have to enable it. Most people say that you should do that through SAM. If you feel really brave you can also check out modprpw(1m).
Do check the man page for getprpw(1m) & prpwd(4). getprpw will allow you to get a number of values about a user without digging through /tcb/files/auth/. prpwd will explain what each field means.
Sorry that I can't help you more right now. It'll be another week or two before I have a trusted system here.