Found this out on tek-tips. Sounds like what you are looking for. I have not tested it.
...jcd...
DOCUMENT
A common question on trusted systems with password aging enabled is to list the time left until user's passwords expire.
The following script lists the number of days left until the password expires, the date it expires and the last time it was changed.
If the password is about to expire within the next day, it can reset the last change time.
The script checks if system wide password aging is enabled, and if password aging for each user is enabled.
It uses a C program called 'time' to obtain the current time.
NOTE: The script does not work for NIS+ users.
NOTE: This script is not supported by HP. Use at your own risk.
To use the script:
# cd /tmp
# cc -otime time.c
# chmod 755 time
# chmod 755 user_expire.sh
Example output with password aging enabled:
# user_expire.sh
System wide password aging is enabled.
User user1: password will expire within one day.
User user2 has 181 days left until password expires User user2 last changed the password on: Mon Dec 16 12:53:01 2002.
User user2 - password will expire on: 2003 Jun 16.
time.c
======
#include
main()
{
printf("%ld\n",time(NULL));
}
user_expire.sh
==============
#!/usr/bin/sh
# Show users in a trusted system whose passwords are about to expire # Reset the u_succhg (spwchg) last successful password change time
set -u
PATH=/usr/bin:/usr/sbin:/usr/lbin
integer exp_time
integer exp_date
integer current_time
integer last_change
integer time_left
integer days_left
integer seconds_per_day=86400
integer system_wide_aging
integer user_aging
NOTTRUSTED=/sbin/true
if [ -x /usr/lbin/modprpw ]
then
modprpw 1> /dev/null 2>&1
if [ $? -eq 2 ]
then
NOTTRUSTED=/sbin/false
fi
fi
if $NOTTRUSTED
then
print "\n This system is not a Trusted System"
exit 1
fi
system_wide_aging=$(/usr/lbin/getprdef -r -m exptm) if [ $system_wide_aging -eq 0 ] then
print "System wide password aging is disabled.\n"
else
print "System wide password aging is enabled.\n"
fi
for USER in $(listusers | awk '{print $1}') do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi
U=$(echo $USER|cut -c 1)
exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(./time)
passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi
last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )
((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))
last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb | cut -c 3-13)
if [ $days_left -gt 1 ]
then
print "\nUser $USER has $days_left days left until password expires"
print "User $USER last changed the password on: $last_change_date."
print "User $USER - password will expire on: $expire_date."
else
print "\nUser $USER: password will expire within one day."
# modprpw -l -v $USER
fi
done
exit 0
Note: If the system has PERL installed, the script can use PERL instead of
the 'time' C program. In that case change the line
current_time=$(./time)
to
current_time=$(/opt/perl/bin/perl -e "print time")
If I had only read the instructions first??
