HPE Community
Operating System - HP-UX
1834442 Members
1998 Online
110067 Solutions
New Discussion

Trusted. Display expired accounts.

 
SOLVED
Go to solution
Richard Pereira_1
Regular Advisor

‎11-03-2004 05:40 AM

‎11-03-2004 05:40 AM

Trusted. Display expired accounts.

Hi,

I have dozens of 11.i servers which are trusted and need a way to track down user ids that are inactive. Is there way to get this through modprpw or similar commands? Preferably something i could script to automate.

thanks in advance,
Richard
0 Kudos
Reply
5 REPLIES 5
Sanjay_6
Honored Contributor

‎11-03-2004 05:48 AM

‎11-03-2004 05:48 AM

Re: Trusted. Display expired accounts.

Hi Richard,

Maybe the script in this link from itrc might help,

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000074740865

The itrc doc id is USECKBAN00000934.

hope this helps.

Regds
0 Kudos
Reply
Rick Garland
Honored Contributor

‎11-03-2004 06:32 AM

‎11-03-2004 06:32 AM

Re: Trusted. Display expired accounts.

Another option - required scripting on your part.

In the /tcb/auth/files directory are the accounts of the system. Within each account file you can decipher the info regarding the passwd expiration, disabled, etc. Write a script to enter into each file and check for the pattern that says the account is disabled.
0 Kudos
Reply
Sundar_7
Honored Contributor

‎11-03-2004 06:37 AM

‎11-03-2004 06:37 AM

Solution

Re: Trusted. Display expired accounts.

You can query lockout parameter of the user

# logins | awk '{print $1}' | xargs -n1 | while read USER
do
LOCKOUT=$(getprpw -m lockout $USER)
if [ "$LOCKOUT" != "lockout=0000000" ]
then
echo "User account is not active or locked for reasons"
fi
done

a bit ON (i.e 1) in any of the lockout word position indicates the reason for the lockout.



Learn What to do ,How to do and more importantly When to do ?
Reply
Bill Hassell
Honored Contributor

‎11-03-2004 07:04 AM

‎11-03-2004 07:04 AM

Re: Trusted. Display expired accounts.

/usr/lbin/getprpw will give you all these details without reading through the /tcb database. Another technique is to use the under-utilized command: logins (logins -a) Or you can use passwd -s for a specific name, passwd -s -a for everyone.


Bill Hassell, sysadmin
0 Kudos
Reply
Richard Pereira_1
Regular Advisor

‎11-08-2004 01:25 AM

‎11-08-2004 01:25 AM

Re: Trusted. Display expired accounts.

I ended up using the following command;
getprpw -m slogint (username)
slogint time of last successful login
and scripted it.
#################################
for i in `cut -d : -f 1 /etc/passwd`
do
a=$(/usr/lbin/getprpw -m slogint $i | grep -v $yr)
echo $i " " $a >>./user_idle.tmp
done
cat ./user_idle.tmp | grep slogint
#################################

Where $yr equals this year. I have run this on several machine and have found several accounts that havent logged in since last year (which is a start for deleting accounts here).
THanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.