HPE Community
Operating System - HP-UX
1832994 Members
2284 Online
110048 Solutions
New Discussion

Re: how to get a warning before passwords expire

 
SOLVED
Go to solution
Dave Chamberlin
Trusted Contributor

‎10-28-2004 03:50 AM

‎10-28-2004 03:50 AM

how to get a warning before passwords expire

Hello,
I recently converted my systems running hpux 11.0 to trusted mode, and enabled password aging. The issue I have had so far is that there is no warning the a user password is going to expire. I am concerned that root will expire and lock me out of the machine. I am also concerned about accounts that may not have much login activity and will be locked out without ever knowing when they needed to be updated. Is there a way to find out how much time a user has until their password expires? Ideally I would like to run a script with my other daily info scripts, that would inform me before I have an issue.
Thanks
0 Kudos
7 REPLIES 7
Fred Ruffet
Honored Contributor

‎10-28-2004 03:53 AM

‎10-28-2004 03:53 AM

Re: how to get a warning before passwords expire

Have a look at -w option (warn) in passwd man page.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Mark Greene_1
Honored Contributor

‎10-28-2004 03:57 AM

‎10-28-2004 03:57 AM

Re: how to get a warning before passwords expire

Launch sam and select "users". In the "Action" menu item, select "Modify Security Policy". You'll have an option for "Password Aging Policies". One of the values there is for Password Exipration warning time. IIRC, this is a global value.

mark
the future will be a lot like now, only later
0 Kudos
RAC_1
Honored Contributor

‎10-28-2004 03:59 AM

‎10-28-2004 03:59 AM

Solution

Re: how to get a warning before passwords expire

man getprpw.

the setting expwarn controls the password expiry warning time. Setting it to 7 will inform/warn you for that last 7 days before password is to be expired. now you can put that entry in in script and have some calculation to tell that xx no. of days are remained, before password will expire.

Something like follows.

#!/usr/bin/ksh
typeset -i lif_time=$(/usr/lbin/getprpw -m exptm "user_name")
typeset -i exp_warn=$(/usr/lbin/getprpw -m expwarn "user_name")

typeset -i days_remained = $($lif_time - $exp_warn)

echo "days remained before pass expiry $days_remained" | mailx -s "Password exp info" user@abc.com

Script not tested, but should work.

Anil
There is no substitute to HARDWORK
0 Kudos
Deoncia Grayson_1
Honored Contributor

‎10-28-2004 03:59 AM

‎10-28-2004 03:59 AM

Re: how to get a warning before passwords expire

Check out the -w option on passwd, it will work on a trusted server.
If no one ever took risks, Michelangelo would have painted the Sistine floor. -Neil Simon
0 Kudos
Fred Ruffet
Honored Contributor

‎10-28-2004 04:15 AM

‎10-28-2004 04:15 AM

Re: how to get a warning before passwords expire

You must also know if you want to script an automatic mailing, that last part of your encrypted password field in /etc/passwd represent the expire time.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Mark Greene_1
Honored Contributor

‎10-28-2004 04:23 AM

‎10-28-2004 04:23 AM

Re: how to get a warning before passwords expire

Fred,

The embedded expiration time in the /etc/password file only applies to untrusted systems. I made the mistake of thinking I could rely on that when converting a system earlier this year.

See the man pages for modprpw and getprpw commands


mark
the future will be a lot like now, only later
0 Kudos
Dave Chamberlin
Trusted Contributor

‎10-28-2004 04:46 AM

‎10-28-2004 04:46 AM

Re: how to get a warning before passwords expire

Thanks for the fast responses (This is still the best forum out there...)! The getprpw command has what I need (My system does not have a man page for it - but found the man page on the ITRC forum ). This will let me keep on top of things.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.