
passwd -a -s

 
Tim Downs
Advisor

passwd -a -s

We use the above command in a Perl script to send emails to users that their password is going to expire. The problem we are having is that when the command is run, some of the users' information is not populated by the passwd command (examples below, a small sample; user gmm1018 is how they should all look).

gmm1018 PS 12/28/05 0 90 14
txp0329 PS
pjg0917 PS
abc0128 PS
txy1213 PS

The users txp0329 and below will never receive an email because those other fields are not populated. I have checked all the security setups for each user and they are identical. I also have PHCO_24189 installed.

We are on HP-UX lawson B.11.00 U 9000/800
Victor Fridyev
Honored Contributor

Re: passwd -a -s

Hi,

You have to create, for each user, a file called .forward in his home directory and put the user's mail address into it, e.g. for txp0329: tim_downs@downs.com
In this case mail sent to txp will be redirected to Tim.

HTH
Entities are not to be multiplied beyond necessity - RTFM
James R. Ferguson
Acclaimed Contributor

Re: passwd -a -s

Hi Tim:

This behavior is expected. If there isn't any aging information, then only the name and status are returned. This is better documented in the 11i manpages:

http://docs.hp.com/en/B2355-60127/passwd.1.html

Regards!

...JRF...
Tim Downs
Advisor

Re: passwd -a -s

We do have aging information on these users because their passwords are expiring every 90 days just like everyone else. It appears to happen to the newest users that have been set up on the system (within the last 2 years). We also have this set up as a trusted system.
Ralph Grothe
Honored Contributor

Re: passwd -a -s

Hi Tom,

the way HP-UX is storing password aging information is a bit brain damaged,
as compared to other Unices.
(e.g. Solaris and Linux place that in /etc/shadow)

To play with I temporarily assigned this account's passwd

$ grep saz /etc/passwd
saz:eM6Z04PZmIo6c,/.KR:102:20:SAZ login:/home/saz:/sbin/sh

As you can see, the aging info is stored within the passwd field in a string directly following a comma.
Placing it there is really bizarre.

This would translate to

$ passwd -s saz
saz PS 12/29/05 0 7

Actually, since you already are using a Perl script, why not let Perl retrieve the data by its built-in mappings of the standard syscalls?

You can get displayed (via Config.pm) what your Perl build actually supports,
as far as passwords are concerned.

$ perl -V:d_pw.+
d_pwage='define'
d_pwchange='undef'
d_pwclass='undef'
d_pwcomment='define'
d_pwexpire='undef'
d_pwgecos='define'
d_pwpasswd='define'
d_pwquota='undef'


Ah, that's a shame.
On HP-UX we don't get the passwd expiration,
but pwage is defined.

You need to look at "perldoc -f getpwent"
to see what lists are returned.


$ perl -e 'print join("\n",getpwnam("saz"),"")'
saz
eM6Z04PZmIo6c
102
20
/.KR
SAZ login
SAZ login
/home/saz
/sbin/sh


That's really oblique.
My Perl build returns the aging string as 5th list element which ought to be the gecos field according to the POD.

But now you only need to map the "encoding"
(which is some sort of Base64 according to "man 4 passwd")

So you could probably do something like this
(sorry webserver flattens the indentations)


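my (@agers, %map_age);

# Map the passwd(4) aging alphabet (. / 0-9 A-Z a-z) to the values 0..63.
{
    my $i = 0;
    %map_age = map { $_ => $i++ } (qw[. /], 0..9, 'A'..'Z', 'a'..'z');
}

# Collect [login, aging string] for every account that has an aging string.
# On this Perl build the aging string is the 5th element of the returned list.
while (my @rec = getpwent) {
    push @agers, [@rec[0,4]] if $rec[4];
}
endpwent;

foreach my $ager (@agers) {
    # First character: maximum weeks; second character: minimum weeks.
    my ($max_weeks, $min_weeks) =
        map { $map_age{$_} } split(//, substr($ager->[1], 0, 2));
    # Selects accounts whose maximum lifetime is one week or less; the week of
    # the last change (the characters after the first two) is not decoded here.
    if ($max_weeks <= 1) {
        my $user_to_mail = $ager->[0];
        #
        # implement emission of mail here
    }
}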
Madness, thy name is system administration
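
An added example, not code from any poster in this thread: a Perl decoder for the aging string described in the reply above, carried through to the last-change date and the days left before expiry. It assumes the passwd(4) layout (maximum weeks, minimum weeks, then the week of last change since 1970 with the least significant character first), which reproduces the `passwd -s` line shown for "/.KR"; the function names, the fixed "now" value and the 14-day warning window are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);

# Aging alphabet from passwd(4): '.'=0, '/'=1, 0-9=2..11, A-Z=12..37, a-z=38..63.
my @ALPHABET = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
my %VALUE;
@VALUE{@ALPHABET} = (0 .. $#ALPHABET);
my $DAY = 86400;

# Decode an aging string (the text after the comma in the password field).
# Returns undef for empty input or characters outside the alphabet.
sub decode_aging {
    my ($age) = @_;
    return undef unless defined $age && $age =~ m{\A[./0-9A-Za-z]+\z};
    my ($max, $min, @last) = map { $VALUE{$_} } split //, $age;
    $min = 0 unless defined $min;          # a lone "." means M = m = 0
    # Week of last change since 1970; assumed least significant character first.
    my $week = 0;
    $week = $week * 64 + $_ for reverse @last;
    my $changed = $week * 7 * $DAY;
    return {
        max_days    => $max * 7,
        min_days    => $min * 7,
        changed     => $changed,
        expires     => $changed + $max * 7 * $DAY,
        must_change => ($max == 0 && $min == 0) ? 1 : 0,   # change at next login
        root_only   => ($min > $max) ? 1 : 0,              # only superuser may change
    };
}

# Whole days until expiry relative to $now (zero or negative once expired).
sub days_left {
    my ($info, $now) = @_;
    return int(($info->{expires} - $now) / $DAY);
}

# Constructed run: the aging string from the post above and a fixed "now".
my $info = decode_aging('/.KR') or die "unparsable aging string\n";
printf "%s %d %d\n", strftime('%m/%d/%y', gmtime($info->{changed})),
    $info->{min_days}, $info->{max_days};
my $now  = 13150 * $DAY;                   # constructed: 2006-01-02 00:00 UTC
my $left = days_left($info, $now);         # 14 below is a constructed warning window
print "expires in $left day(s): send the warning mail\n" if $left >= 0 && $left <= 14;
```

This covers only the aging string kept in /etc/passwd; on a trusted system the aging fields live under /tcb/files/auth/ and are not read by this code.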
Tim Downs
Advisor

Re: passwd -a -s

I have this figured out. We have a trusted system, and when you pick the password aging on a user and pick Default(Enabled), it fills in our default values. The problem is the information in the user's password file (/tcb/files/auth/) is incomplete. The u_minchg, u_exp, u_pw_expire_warning, u_life are not populated. If I change the password aging to Enable and fill in the info, then the information is populated. I guess I don't understand that when you take the option of Default(Enabled) and the policies work, it doesn't populate the fields until you manually type the information in and pick Enable.