HPE Community
Operating System - HP-UX
1832906 Members
2936 Online
110048 Solutions
New Discussion

Re: Password expiry in a trusted system

 
Amruth
Regular Advisor

‎10-19-2004 12:01 PM

‎10-19-2004 12:01 PM

Password expiry in a trusted system

Hello all,

We have nearly 60 HP UX (Trusted 11.x) systems and according to the policy the password expires after 60 days.

Now my aim is to automate the notifying users when the passwords are near to expiry.

Any thoughts on this...Like a script.

Thanks in advance,
Amruth
If i am doing the same way you are doing to me then what is the difference between us.
0 Kudos
Reply
5 REPLIES 5
Sridhar Bhaskarla
Honored Contributor

‎10-19-2004 12:14 PM

‎10-19-2004 12:14 PM

Re: Password expiry in a trusted system

Hi Amruth,

You can configure the systems with expiry warning time so a message will be displayed beyond that time for the users. However, there is no way a user will know if he/she doesn't logon to the system.

I started implementing it but haven't done yet due to our site policies.

My idea was to

1. Create a file say /etc/expirytab every day night at 12:00 AM. It's a comma seperated file with user, date of the last password change, date of expiry and days left before password expiry.

2. Run a script 'script2' that will send mails to users based on the 'days left before password expiry in /etc/expirytab file.

As you can see writing the script for 2 is very easy. So, I leave it to you.

For getting the expiry information, here is the script. You may need to add some checks like if the user file is not there etc., etc. otherwise 'awk' will hang.

#!/usr/bin/ksh

EXPIRE=60
NOW=$(/usr/contrib/bin/perl -e 'printf "%d\n",time()')

if [ ! -d /tcb ]
then
echo "Only on trusted systems"
exit 1
fi

rm -f /etc/expiry.tab


for USER in $(logins|awk '{print $1}')
do
FIRST=`echo $USER|cut -c1`
USERFILE="/tcb/files/auth/${FIRST}/${USER}"
THEN=$(awk '/u_succhg/ {FS="u_succhg";print $2}' $USERFILE | awk '{FS=":";print $1}'|sed '
s/#//')
WHEN_CHANGED=$(echo 0d${THEN}=Y | adb)

(( EXPIRES_ON_DATE = $THEN + ( $EXPIRE * 86400 ) ))
(( EXPIRES_IN_DAYS = ( $EXPIRES_ON_DATE - $NOW ) / 86400 ))

EXPIRES_ON_DATE=$(echo 0d${EXPIRES_ON_DATE}=Y |adb)


echo "$USER,$WHEN_CHANGED,$EXPIRES_ON_DATE,$EXPIRES_IN_DAYS" >> /etc/expirytab
done


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-19-2004 12:27 PM

‎10-19-2004 12:27 PM

Re: Password expiry in a trusted system

Sorry.. I couldn't help you.
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Amruth
Regular Advisor

‎10-19-2004 12:29 PM

‎10-19-2004 12:29 PM

Re: Password expiry in a trusted system

Sri,

THanks for your quick answer.

My first problem is to find out when the password of a user will expire.

Thanks,
AM

If i am doing the same way you are doing to me then what is the difference between us.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-19-2004 12:36 PM

‎10-19-2004 12:36 PM

Re: Password expiry in a trusted system

When you run the script, it will create a file /etc/expirytab with all those details. Run the script every night to update it. Once you have all the details, you can do anything you want.

-Sri





You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Amruth
Regular Advisor

‎10-19-2004 01:03 PM

‎10-19-2004 01:03 PM

Re: Password expiry in a trusted system

Sri,

I am gonna check this out and will get back to you...

Thanks a lot..

AM
If i am doing the same way you are doing to me then what is the difference between us.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.