Operating Systems HP-UX Password Aging script non-shadow non-trusted Post 302539000 by sparcguy on Thursday 14th of July 2011 10:30:43 PM
Password Aging script non-shadow non-trusted

Basically there are several different versions of HP-UX; this script is for a particular version that is non-trusted but also does not use any shadow files. This one is a little harder to do.

Usually the time stamp of the last password change is stored as an epoch number in the shadow file. For non-shadow untrusted servers the only clue is the date in the third field from the "passwd -s" command.

#passwd -s sparcguy
sparcguy PS 06/02/11 0 91

06/02/11: this date, I believe, is stored in the encrypted password, in the format month/day/year.

I'm using a Perl function, str2time(), which can convert dates to epoch numbers but takes the format year(xxxx)/month(xx)/day(xx).
It will not work without this Perl str2time module, so you need to check under "HTTP::Date" whether you have the module installed, and if not you have to download it.

So to get this to work we first need to do a little formatting of the date.


As usual the description field of your userid must contain an email in the form of +email@domain.com

example:

sparcguy:<encrypted passwd>:100:100:+sparcguy@unix.com:/home/sparcguy:/usr/bin/ksh

Code:
#! /bin/sh
# Script to check password aging for non-trusted hpux servers WITHOUT shadow file
########################
#Notes: 
# date format for perl function str2time(year/month/day)
# date format for passwd -s (third field ) month/day/year
########################

cp -p /etc/passwd /etc/passwd.ORG
for i in `cat /etc/passwd.ORG | grep \@ | sed 's/:/+/g' | cut -d+ -f1`
do
OLASTPWCHG=`passwd -s $i | awk '{ print $3 }' | sed 's/\// /g' | awk '{print "20"$3"/"$1"/"$2}'`
export OLASTPWCHG
# Convert yyyy/mm/dd (passed through the environment) to epoch seconds
CVLASTPWCHG=`/usr/bin/perl -le 'use HTTP::Date; print str2time($ENV{OLASTPWCHG});'`
DAYSEC=`echo "60*60*24" | bc`
DAWNOFTIME=`/usr/bin/perl -e 'print int(time)'`
SECSAGO=`echo "$DAWNOFTIME - $CVLASTPWCHG" | bc`
DAYSAGO=`echo $SECSAGO/$DAYSEC | bc`
#
# we use 90 day password aging, change MAXAGE to yours
MAXAGE=91
LEFTDAYS=`echo "$MAXAGE - $DAYSAGO" | bc`

# Reminder 7 days before expiry. The anchored grep picks only this user's
# passwd entry (a plain "grep $i" also matches longer names containing $i).
if [[ "$LEFTDAYS" = 7 ]]
then
	EMAILID=`grep "^$i:" /etc/passwd.ORG | sed 's/:/+/g' | cut -d+ -f6`
	echo "Your unix id $i will expire in $LEFTDAYS days" | mailx -s "`uname -n` Password aging Reminder" "$EMAILID"
fi

# Reminder 3 days before expiry
if [[ "$LEFTDAYS" = 3 ]]
then
	EMAILID=`grep "^$i:" /etc/passwd.ORG | sed 's/:/+/g' | cut -d+ -f6`
	echo "Your unix id $i will expire in $LEFTDAYS days" | mailx -s "`uname -n` Password aging Reminder" "$EMAILID"
fi

# Notice once the password is past its maximum age
if [[ "$LEFTDAYS" -lt 0 ]]
then
	EMAILID=`grep "^$i:" /etc/passwd.ORG | sed 's/:/+/g' | cut -d+ -f6`
	echo "Please note that your unix id $i has already expired" | mailx -s "`uname -n` Password aging Reminder" "$EMAILID"
fi
done


Last edited by pludi; 07-15-2011 at 03:57 AM..
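
An added example, not part of sparcguy's post: the same days-left calculation done with awk date arithmetic instead of HTTP::Date, taking the maximum age from the `passwd -s` line and skipping accounts that show no change date. The function names, the sample lines other than the one quoted in the post, and the reading of fields 4 and 5 as minimum and maximum age are assumptions.

```shell
#!/bin/sh
# mdy_to_days MM/DD/YY -> days since 1970-01-01; prints nothing on bad input.
# Assumes a two-digit year means 20YY, as the original script does.
mdy_to_days() {
    echo "$1" | awk -F/ '
        NF != 3 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { exit }
        $1 < 1 || $1 > 12 || $2 < 1 || $2 > 31 { exit }
        {
            m = $1 + 0; d = $2 + 0; y = 2000 + $3
            if (m <= 2) { y--; m += 12 }   # treat Jan/Feb as months 13/14 of the previous year
            leap = int(y / 4) - int(y / 100) + int(y / 400)
            print 365 * y + leap + int((153 * (m - 3) + 2) / 5) + d - 719469
        }'
}

# days_left "<passwd -s line>" <today as epoch days>
# Prints days until expiry, or "n/a" for lines without a date or max age
# (for example a locked account that only shows "name LK").
days_left() {
    line=$1; today=$2
    last=$(mdy_to_days "$(echo "$line" | awk '{ print $3 }')")
    max=$(echo "$line" | awk '{ print $5 }')   # assumption: field 5 is the max age
    case "$max" in ''|*[!0-9]*) echo "n/a"; return 0 ;; esac
    [ -n "$last" ] || { echo "n/a"; return 0; }
    echo $(( max - (today - last) ))
}

# Same thresholds as the script above: mail at exactly 7 and 3 days, and after expiry.
reminder_for() {
    case "$1" in
        n/a) echo skip ;;
        7|3) echo warn ;;
        -*)  echo expired ;;
        *)   echo none ;;
    esac
}

# Current date as epoch days, core Perl only (no HTTP::Date needed).
today_days() { perl -e 'print int(time / 86400)'; }

TODAY=15169   # constructed: 07/14/11 as epoch days, so the output is reproducible
while read -r line; do
    left=$(days_left "$line" "$TODAY")
    echo "${line%% *}: $left days left -> $(reminder_for "$left")"
done <<'EOF'
sparcguy PS 06/02/11 0 91
warnusr PS 04/21/11 0 91
olduser PS 03/01/11 0 91
lockedusr LK
EOF
```

In a cron job, replace the fixed `TODAY` with `$(today_days)` and feed the loop from `passwd -s "$user"`.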
 
