System Administration
Showing results for 
Search instead for 
Did you mean: 

User account status info: trusted system vs. SMSE

Kenneth Penland
Frequent Advisor

User account status info: trusted system vs. SMSE

I am working on migrating a script (written in perl) that collects information on a specified user and reports back on the status of the users account with regards to whether or not it's locked. On trusted systems it obtained the information by parsing the contents of the user's /tcb/files/auth//$user file or the output of getprpw commands.

That method is not available on systems using SMSE and while I've been able to figure out how to get some of the same info other pieces of info have turned out to be elusive to me.

If anyone has any insight into how I can obtain the following information on a user's profile from a system using SMSE (HP-UX 11.31) I would be most grateful, if it's possible at all:

Date/time of the Last Un-successful password change attempt for $user
Consecutive number of Unsuccesful Logins by $user.
Something comparable to the "lockout" field from the trusted systems auth files.* That field had a 7 characters and depending on where a "1" appeared instead of a "0" it would indicate why a user's account was disabled/locked.

* - I think it's likely that the trusted system's lockout field has no analog in SMSE and that I will simply have to test for the various lockout conditions by comparing date-times, the various pertinent fields in /etc/passwd and /etc/shadow or the output of "#passwd -s $user".

Thank you in advance for your input ladies and gentlemen, have a great one!

Patrick Wallek
Honored Contributor

Re: User account status info: trusted system vs. SMSE

If you have the SMSE bundle installed then have a look at the 'userstat' command. That appears to be able to give you some of the same information you would get from 'getprpw' on trusted systems.

# man userstat

for more info......
Emil Velez
Honored Contributor

Re: User account status info: trusted system vs. SMSE

with SMSE

The user attributes are defined in a database that is accessed via
userdbset to configure the attributes of the user
userdbget to view the attributes of a user.

The attributes for each user are defined in
man security

a user is disabled if his password is *
or the user has hit the AUTH_MAXTRIES parameter

Kenneth Penland
Frequent Advisor

Re: User account status info: trusted system vs. SMSE

Between Patrick and Emil's replies I have almost everything I need.

Patrick: The userstat command is something I was unaware of. It's going to simplify my script quite a bit. Thank you!

Emil: D'oh. I read the manpage for userdbget, but didn't cross-reference /etc/security.dsc.

Of the info I asked for above, "userstat" gets me a very close SMSE equivalent to the lockout field of a Trusted system. "userdbget" could get that info as well, but would require more complex syntax to query. What userdbget can do that userstat cannot is return the count of consecutive login failures. Both of your responses have been very helpful.

All I'm stuck on now is getting the date-time of the user's last FAILED password change attempt...