HPE Community
Operating System - HP-UX
1833275 Members
2711 Online
110051 Solutions
New Discussion

Re: password aging using a script

 
SOLVED
Go to solution
wvsa
Regular Advisor

‎05-14-2001 12:08 PM

‎05-14-2001 12:08 PM

password aging using a script

Greetings, looking for a script (or script pointers) to enable password aging. In the script I would like to set the min time between password aging to 2 and the max time between password aging to 12. Thankyou for your help(s)!

0 Kudos
Reply
6 REPLIES 6
Jim Moffitt_1
Valued Contributor

‎05-14-2001 12:30 PM

‎05-14-2001 12:30 PM

Re: password aging using a script

You can use SAM to accomplish this. Modify the users account and go into the password options and there is an aging option. This might be the easiest way to go. But if you really want to do aging by a script, set one user up for aging and look at the sam log. This should give you the commands to set up agin.
0 Kudos
Reply
Kevin Wright
Honored Contributor

‎05-14-2001 12:34 PM

‎05-14-2001 12:34 PM

Re: password aging using a script

sbin/cat /etc/passwd | awk -F: '{print $1}'> /tmp/pass2change

for user in `/sbin/cat /tmp/pass2change`
do
/sbin/passwd -f -x 42 -n 35 $user
echo "changing expiration time for $user to 45 days"
done
rm /tmp/pass2change
-f is force at next login
-x is max days before have to change
-n is max days between changes
see man passwd for other options
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎05-14-2001 12:37 PM

‎05-14-2001 12:37 PM

Re: password aging using a script

Hi,
I had a shell script which invokes an awk script which was already very close; I modified it for your values and also it does not alter passwd's for users with uid < MIN_UID. You will need to set that value. NOTE: the actual passwd call is commented out so that you can test first. Please see the attachment.

Enjoy, Clay
If it ain't broke, I can fix that.
Reply
A. Clay Stephenson
Acclaimed Contributor

‎05-14-2001 12:42 PM

‎05-14-2001 12:42 PM

Solution

Re: password aging using a script

Sorry guys,
One small change.
Change the line passwd -x ${PW_MAX} -n ${PW_MIN}
to passwd -x ${PW_MAX} -n ${PW_MIN} ${X}

I left off the user from the command

Clay
If it ain't broke, I can fix that.
Reply
Jim Moffitt_1
Valued Contributor

‎05-14-2001 12:53 PM

‎05-14-2001 12:53 PM

Re: password aging using a script

I stand corrected. Kevin and Clay, great scripts! You learn something new here everyday.
0 Kudos
Reply
Nick Wickens
Respected Contributor

‎05-15-2001 01:27 AM

‎05-15-2001 01:27 AM

Re: password aging using a script

I had to do a similar task last week - We had discovered that our Informix database was kicking people out of the database mid login with password ageing turned on so I created a script to force the password expiry in the early hours if the password was due to expire that day. You may find some bits of this useful ?

LOGFILE=/tmp/check_passwd_log.$$
EXPIRE=30
TODAY=$(date +%.1j)
YEAR=$(date +%E)
function NOPASS {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password already awaiting update by user" >> $LOGFILE
}
function NOCHNG {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password last changed $LYEXP days ago - No action" >> $LOGFILE
}
function EXPPASS {
DATE=$(date +%d/%m/%y" "%H:%M)
echo "$DATE $USER - Password last changed $LYEXP days ago - Forcing change" >> $LOGFILE
echo "passwd -f $USER" >> $LOGFILE
passwd -f $USER
}
# Exclude some users from change (alternate procedure in place)
for USER in $(cut -d":" -f1 /etc/passwd | egrep -v '(root|informix)')
do
EXPYEAR=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f5)
EXPMONTH=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f2)
EXPDAY=$(/usr/lbin/getprpw -r -m spwchg $USER| tr -s " "|cut -d" " -f3)
case $EXPMONTH in
Jan) EXPM=0;;
Feb) EXPM=31;;
Mar) EXPM=58;;
Apr) EXPM=89;;
May) EXPM=119;;
Jun) EXPM=150;;
Jul) EXPM=180;;
Aug) EXPM=211;;
Sep) EXPM=242;;
Oct) EXPM=272;;
Nov) EXPM=303;;
Dec) EXPM=333;;
*) echo $EXPMONTH invalid;exit;;
esac
if [ $EXPYEAR = "1970" ]
then
NOPASS
continue
fi
integer x=$EXPM y=$EXPDAY z=$EXPIRE
let EXP=x+y
if [ $EXPYEAR -lt $YEAR ]
then
# Action to perform if last update was in previous year
let LYEXP=365-$EXP+$TODAY
if [ $LYEXP -ge $EXPIRE ]
then
EXPPASS
else
NOCHNG
fi
else
# Action to perform if last update was in current year
let LYEXP=$TODAY-$EXP
if [ $LYEXP -ge $EXPIRE ]
Hats ? We don't need no stinkin' hats !!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.