If you are running a trusted system then you can execute /usr/lbin/getprpw and examine the lockout field. This is a 7 character string which consists of 0's and 1's. A 1 indicates a locked account and its position indicates the reason. Man getprpw for details (and look for the "lockout" description).
This should be very close:
-----------------------------------------
#!/usr/bin/sh
typeset -i STAT=0
typeset U=""
typeset L=""
logins -t | awk '{print $1}' | while read U
do
echo "${U}\t\c"
L=$(/usr/lbin/getprpw -r -m lockout ${U} 2>/dev/null)
STAT=${?}
if [[ $STAT -eq 0 ]]
then
echo "${L}\c"
else
echo "???????\c"
fi
echo
done
exit ${STAT}
--------------------------------------------
The logins command is used to get the users and then each user is sent to getprpw. I'll leave the translation of the lockout string as an exercise. If you are not running a trusted system then only a small subset of the data you are seeking is available.
If it ain't broke, I can fix that.
