HPE Community
Operating System - Linux
1819833 Members
2870 Online
109607 Solutions
New Discussion юеВ

Notifying Users of Mandatory Password Changes

 
Andrew Kaplan
Super Advisor

тАО12-20-2006 12:31 AM

тАО12-20-2006 12:31 AM

Notifying Users of Mandatory Password Changes

Hi there --

Is there a script that would notify users that they need to change their passwords within a given timeframe? I know chage will check individual user accounts, but can it be used to check all user accounts and have the results either e-mailed to the administrator or to the various users? Thanks.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
7 REPLIES 7
George Liu_4
Trusted Contributor

тАО12-20-2006 01:10 AM

тАО12-20-2006 01:10 AM

Re: Notifying Users of Mandatory Password Changes

I have a few. Are you using local accounts or ldap accounts?
0 Kudos
Reply
Andrew Kaplan
Super Advisor

тАО12-20-2006 01:15 AM

тАО12-20-2006 01:15 AM

Re: Notifying Users of Mandatory Password Changes

Hi there --

Thanks for your reply. The accounts in question are all local to the machine.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
George Liu_4
Trusted Contributor

тАО12-20-2006 04:34 AM

тАО12-20-2006 04:34 AM

Re: Notifying Users of Mandatory Password Changes

#!/bin/bash

users=`grep -v ":\!\!:" /etc/shadow|grep -v ":\*:" |grep -v root|cut -f1 -d:`
expire_time=90
today=$(( `perl -le 'print time'` / 86400 ))

for user in $users ; do
last_change=$(( `grep $user /etc/shadow |cut -f3 -d:` ))
days_left=$(( $expire_time - $today + $last_change ))
if [ $days_left -lt 15 -a $days_left -ge 0 ]; then
user_mail=`grep $user /etc/passwd|cut -f5 -d: `
# echo
# echo "ATTENTION: The password of $user will expire in $days_left days.\n"

mail -s "Your password on xxx system will expire in $days_left" $user_mail << EOF
Hello,
Your password of account $user, which is used for accessing xxx server on
host `uname -n`, will expire in $days_left days.

Please update your password.

Thanks for your support!

EOF


fi
done

0 Kudos
Reply
Andrew Kaplan
Super Advisor

тАО12-20-2006 07:16 AM

тАО12-20-2006 07:16 AM

Re: Notifying Users of Mandatory Password Changes

Hi there --

I created the script according to the text that your posted in the forum. When I ran the script a series of messages appeared indicating problems sending to the address , and then to the adderss .

What changes should I make to correct this? Thanks.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО12-20-2006 07:59 AM

тАО12-20-2006 07:59 AM

Re: Notifying Users of Mandatory Password Changes

Hi Andrew:

The format and contents of the fifth field (one-relative) of '/etc/passwd' is left to an administrator's discretion. George's script appears to assume that the fifth field contains a string that represents a valid email address. Your 'passwd' database apparently does not follow this convention.

You can simply create mail to the account on the server that you are examining with this change:

...
if [ $days_left -lt 15 -a $days_left -ge 0 ]; then
mail -s "Your password on xxx system will expire in $days_left" $user << EOF
Hello,
Your password of account $user, which is used for accessing xxx server on
host `uname -n`, will expire in $days_left days.
Please update your password.
Thanks for your support!
EOF

...Note that I dropped the line:

user_mail=`grep $user /etc/passwd|cut -f5 -d: `

...and used ${user} in lieu of ${user_mail} for the mail account.

Regards!

...JRF...
0 Kudos
Reply
George Liu_4
Trusted Contributor

тАО12-20-2006 08:20 AM

тАО12-20-2006 08:20 AM

Re: Notifying Users of Mandatory Password Changes

My original script is used to get mail address from different database so I leave the way as it is.
0 Kudos
Reply
Andrew Cowan
Honored Contributor

тАО12-20-2006 07:12 PM

тАО12-20-2006 07:12 PM

Re: Notifying Users of Mandatory Password Changes

"passwd -w" will start to warn users once their password comes within a certain number of days before expiry.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.