HPE Community
Operating System - HP-UX
1826464 Members
3148 Online
109692 Solutions
New Discussion

How to determine number of days left till password expire?

 
SOLVED
Go to solution
Michael Kan
Occasional Advisor

‎04-04-2002 11:43 PM

‎04-04-2002 11:43 PM

How to determine number of days left till password expire?

I have remote applications connecting to my server using it's own dedicated username and password. I have set it to expire after 84 days. But each time it expires, my application will have problems and I wouldn't know it till someone calls me up with a complain. Is there any command to check the number of remaining days before password expiration? I know the command passwd -s shows the date of setting the password aging, but there's just too many to check manually. I'm actually trying to create a script to check the password expiration periodically. Any hints or helps is much appreciated.
Pls help me!
0 Kudos
Reply
17 REPLIES 17
Rainer von Bongartz
Honored Contributor

‎04-04-2002 11:58 PM

‎04-04-2002 11:58 PM

Re: How to determine number of days left till password expire?


You could do this writing a small C program using the system call
getprwent() . (see man )

this call returns a struct pr_passwd which holds all informations you want

I use this to generate a mail warning 5 days befor passwords expire

Regards
rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
Systeemingenieurs Infoc
Valued Contributor

‎04-05-2002 12:02 AM

‎04-05-2002 12:02 AM

Re: How to determine number of days left till password expire?

I think one can play with the
/tcb/files/auth/system/default
and the
/tcb/files/auth/u/user1
files

I think the needed tags are u_exp# and
u_succhg#. If you add these to, and convert
the date, you should be able to construct the
expiration time (i guess).

Hein Coulier
A Life ? Cool ! Where can I download one of those from ?
0 Kudos
Reply
Deepak Extross
Honored Contributor

‎04-05-2002 12:03 AM

‎04-05-2002 12:03 AM

Re: How to determine number of days left till password expire?

Hi,
Doesn't "passwd -s -a" give you what you need?
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎04-05-2002 12:09 AM

‎04-05-2002 12:09 AM

Re: How to determine number of days left till password expire?

sorry; the call is

getprpwent().

Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
Michael Kan
Occasional Advisor

‎04-05-2002 12:43 AM

‎04-05-2002 12:43 AM

Re: How to determine number of days left till password expire?

Rainer,Systeemingenieurs Infoco : Errr my system is not a trusted system. Am I still able to use the getprwent()?
And I am also no good in C. Any suggestion?

Deepak : The passwd only gives me the date of enabling the aging of passwords.
Pls help me!
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎04-05-2002 12:53 AM

‎04-05-2002 12:53 AM

Re: How to determine number of days left till password expire?

Sorry, as the manual says:

getprpwent, getprpwuid, gettprpwaid, and getprpwnam each returns a
pointer to a pr_passwd structure containing the broken-out fields of a
line in the protected password database

, so it's only valid for trusted systems

Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
Michael Tully
Honored Contributor

‎04-05-2002 01:03 AM

‎04-05-2002 01:03 AM

Re: How to determine number of days left till password expire?

Hi,

You can only set this up within the
confines of a trusted system.
Once setup this type of configuration
can be set per user. You can set up
global rules for most users, and
exceptions for special users should you
wish. These facilities are not available
without the system being setup as
trusted.

If you have a test system, set it as
trusted and check it out. Using 'sam'
is the best way to start.

Cheers
~Michael~
Anyone for a Mutiny ?
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎04-05-2002 06:49 AM

‎04-05-2002 06:49 AM

Re: How to determine number of days left till password expire?

the expiration information appears to be stored in one of the files in /var/spool/pwgr. they are all binary files, so if you don't do C, I'm not sure how you are going to extract the information. pwd_name_hash.pag or pwd_uid_hash.pag appear to be the likely suspects from what I can gather using cat -v. however, they are both the same size, so they may be mirrored versions of each other, or at least have the same fixed format.

a string search of the man pages does not return any references to /var/spool/pwgr (no big surprise), but you may find a reference to the files in a security doc or white paper if you search hp's web site.

HTH
mark
the future will be a lot like now, only later
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎04-05-2002 09:37 AM

‎04-05-2002 09:37 AM

Re: How to determine number of days left till password expire?

Hi Micheal:

You were fortunate in that I already had a Perl script to do this. Note that in a non-trusted environment the expiration is encoded as the number of weeks left in base64. Man 4 passwd for details.

If you execute pwwarn.pl user1 [user2 ...], it will output a line for each user like this
user1 4096
user2 2
user3 0

Where the number is the number of weeks left. 4096 (64 * 64) indicates that this passwd does not expire.


Regards, Clay
If it ain't broke, I can fix that.
Reply
Michael Kan
Occasional Advisor

‎04-05-2002 05:54 PM

‎04-05-2002 05:54 PM

Re: How to determine number of days left till password expire?

Hi A. clay Stephenson: How to I use a Perl script. I have only used Shell scripts ?
I don't know how to run the script that you created... Pls help.
Pls help me!
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎04-06-2002 12:18 PM

‎04-06-2002 12:18 PM

Re: How to determine number of days left till password expire?

Depending upon the version of HP-UX that you are running, you have a very old version of Perl or the newer 5.6 version. If you are running 10.x, you have an old, obsolete version and you should install a newer version of Perl from any of the HP-UX Porting Centres.
e.g. http://hpux.cs.utah.edu/hppd/hpux/Languages/perl-5.6.1/

Execute perl -v to display your version.

The Perl package is installed like any package using swinstall. Typically, you symbolically link /opt/perl5/bin/perl to /usr/bin/perl.

After that you simply execute 'pwwarn.pl tom dick harry' just as you would a shell script. The 'shebang' statement #!/usr/bin/perl automatically causes the shell to invoke perl or your can execute explicitly like 'perl pwwarn.pl tom dick harry'.

If it ain't broke, I can fix that.
Reply
Michael Kan
Occasional Advisor

‎04-16-2002 02:00 AM

‎04-16-2002 02:00 AM

Re: How to determine number of days left till password expire?

Hi Rainer von Bongartz :
Can I request you to give me the C program ?? Because we will be converting our system into trusted later on. Really appreciate it.
Thank you.
Pls help me!
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎04-16-2002 05:16 AM

‎04-16-2002 05:16 AM

Solution

Re: How to determine number of days left till password expire?

Michael,

find the small C-program as attachment.

Change it to your needs but dont't blame me for anything.


Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Reply
Michael Kan
Occasional Advisor

‎04-16-2002 04:26 PM

‎04-16-2002 04:26 PM

Re: How to determine number of days left till password expire?

Thank you very much, Rainer von Bongartz.
Pls help me!
0 Kudos
Reply
Michael Kan
Occasional Advisor

‎04-17-2002 11:03 PM

‎04-17-2002 11:03 PM

Re: How to determine number of days left till password expire?

Hi Rainer von Bongartz,

I get a coredump when running the executable. I compiled it with # cc -o exe source.c
Then when I run the exe, i get this msg -->
/usr/lib/dld.sl: Unresolved symbol: getprpwent (code) from ./pwd_check
Abort(coredump)

Anyone know why?
Thank you.
Pls help me!
0 Kudos
Reply
Rod McLean
Occasional Advisor

‎05-07-2002 11:04 PM

‎05-07-2002 11:04 PM

Re: How to determine number of days left till password expire?

Michael,

try compiling with -lsec

cc -o exe source.c -lsec

It will probably only work on a trusted system

Rod
0 Kudos
Reply
Michael Kan
Occasional Advisor

‎05-07-2002 11:43 PM

‎05-07-2002 11:43 PM

Re: How to determine number of days left till password expire?

Thank you for your answers.

I actually have downloaded another C program from the internet to calculate the number of days between two dates. From there I just write a shell script to use the program to check the number of days before the password expires.
Pls help me!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.