We are using c2 / enhanced security on digital unix.
I do not have access to the GUI.
I need to get information on login status for users. Specifically I would like to know who has not logged in within the last 6 months.

I think I can query the edauth files, but I can't find information on what codes to look for and what they mean as far as status.

Anyone know?
thanks

Check out the info on this message at DBforums.com - then look at the format of prpasswd

You will be interested in this:
u_max_login_intvl
A numeric value representing the maximum time, in seconds, since
last successful login before account is disabled. If set for an
account (or system-wide), the user is automatically considered
"locked out" if the last successful login was more than the
specified interval before the current time. As with other
is_locked_out() checks, the grace-period feature allows an over-
ride.

You will need to use a programming language (Perl works) to look at the interval of last login to today's date.

More specifically:
I need to report anyone who has passed their "life time log in" ..this means they have not logged on in so long their id is now locked.
I also need to report the status of the users.
There is a status in the auth file, I want to be able to just query the auth file and get this info for reporting. but i do not know the values and meanings in the parms.

thanks

RTM - thanks, that might help me write this script. I don't know PERL. Its on my list of things to do (from 7 years ago)...

This will help you start -

#!/u/bin/perl
#
# checkdate - a script to check a date (how long ago)
#
# Created 05/07/02 HOG
# ==========================================================================
# Set up variables
$getepoch= time () /60 /60 /24 ;
($nowepoch, $junk) = split (/\./, $getepoch, 2);
$arguement = $ARGV[0];
$diff=$nowepoch - $arguement;
print "Password reset $diff days ago - $nowepoch - $arguement\n";
# -------------------------------------------------------------------------

It gets the time now since epoch and takes off the amount from the third field from /etc/shadow - so if my user daniel last changed their password 12058 - the script converts it to how many days ago. You would have to change it to grab the correct field you are looking for (and add in to look into a file )

Example from /etc/shadow (modified username and encrypted password ;-):

daniel:xxxx:12058::35:14:::

# ./checkdate.pl 12058
Password reset 11 days ago - 12069 - 12058

The 12069 is today. 12058 was 11 days ago. I'm looking for folks who haven't changed their password in 60+ days but never automated it into a report - you could change this to do that but would have to be able to look into your file that contains the info and then put out a report of anyone 180+ days ago (approximatly 6 months).