There's a field in /etc/shadow which sets how many days before expiry the user is warned, however this warning is on logon and so will not work for rarely administered boxes. chage -l root will give you this and other values including the expiry date of the current password.
Unfortunately the password expiry date is not in an easily calculable format, however it should be possible to convert it to epoch and compare with today's date, eg Perl's Date::Calc module provides a delta days function which could be used for this...
---------- Post updated at 11:59 ---------- Previous update was at 11:36 ----------
To expand...
Code:
perl -e 'use Date::Calc qw(Delta_Days);
@today=(localtime(time))[3,4,5];
$expiry=qx(/usr/bin/chage -l);
%months=qw(Jan 1 Feb 2 Mar 3 Apr 4 May 5 Jun 6 Jul 7 Aug 8 Sep 9 Oct 10 Nov 11 Dec 12);
($expire_month, $expire_day,$expire_year)=$expiry=~/Password expires\s+:\s(\w+)\s(\d+),\s(\d+)/g;
$expire_month=$months{$expire_month};
$days_to_expiry=Delta_Days($today[2]+1900,$today[1]+1,$today[0],$expire_year,$expire_month, $expire_day);
if ($days_to_expiry < 7){
use Mail::Sender;
...
}'
Last edited by Skrynesaver; 08-31-2016 at 11:58 AM..
I couldnt find this in any other post - so hoping someone can help out.
I want to set password expiry (or rather I have to) for a number of users on my solaris 9 system. I know i can set the following options in the /etc/default/passwd file to do it and then just type a passwd -f <username> to... (6 Replies)
Hi Friends.
I am new to scripting now i want to change the root password using the script with standard password.
which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Hi,
Is there any way of sending an email to a number of users indicating that the passwords of user accounts will expire?
Currently we have a test server with a number of oracle test accounts on it. Each of these accounts correspond to an instance of Oracle on the server. These... (2 Replies)
Hi,
Is there any way of sending an email to a number of users indicating that the passwords of user accounts will expire?
Currently we have a test server with a number of oracle test accounts on it. Each of these accounts correspond to an instance of Oracle on the server. These... (2 Replies)
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Hi All,
I have a gateway server, from where I can connect any server via 'sudo ssh server_name'. Generally, if we need to run a command on any number of servers, we put server names in a file like '/tmp/ser_name' and execute it with for loop from gateway server.
Now, I need to set non-expiry... (0 Replies)
I am connecting to sql databases through shell script. Databases that i am connecting will need password change every 60 days. This is according to our security policy and cannot be changed. But this is creating problem when connecting to Databases through shell script . To connect to oracle DB we... (2 Replies)
Newbie in scripting
Please assist with a script to send an email to all users seven days before their passwords expires.Aging set for 90 days.
# chage -l user1
Last password change : Jul 08, 2015
Password expires :... (4 Replies)
Discussion started by: tshepang
4 Replies
LEARN ABOUT SUSE
chage
chage(1) General Commands Manual chage(1)NAME
chage - change user password expiry information
SYNOPSIS
chage [-D binddn] [-P path] [-m mindays]
[-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
chage -l [user]
DESCRIPTION
chage is used to list and change the password expiry information of a user. It allows the system administrator to change the number of days
between allowed and required password changes and the date of the last password change. It allows also to define when an account will
expire. The chage command is restricted to the system administrator, except for the -l option, which may be used by an user to determine
when his password or account is due to expire.
If no option is given, chage operates in an interactive mode, prompting the user with the current values for all of the fields. Enter the
new value to change the field, or leave the line blank to use the current value. If the users exists in the local passwd file, but not in
the local shadow file, chage will create a new entry in the shadow file.
OPTIONS -D, --binddn binddn
Use the Distinguished Name binddn to bind to the LDAP directory. The user will be prompted for a password for simple authentica-
tion.
-P, --path path
The passwd and shadow files are located below the specified directory path. chage will use this files, not /etc/passwd and
/etc/shadow. This is useful for example on NIS master servers, where you do not want to give all users in the NIS database auto-
matic access to your NIS server and the NIS map is build from special files.
-l, --list
This option will list the password expiry information in a human readable format. The user will see the date when he changed the
password the last time, when the password will be expire, when the password will be locked and when the account will expire.
-m, --mindays mindays
With this option the minimum number of days between password changes is changed. A value of zero for this field indicates that the
user may change her password at any time. Else the user will not be permitted to change the password until min days have elapsed.
-M, --maxdays maxdays
With this option the maximum number of days during which a password is valid is changed. When maxdays plus lastday is less than the
current day, the user will be required to change his password before being able to use the account.
-d, --lastday lastday
With this option the date when the password was last changed can be set to another value. lastday has to be specified as number of
days since January 1st, 1970. The date may also be expressed in the format YYYY-MM-DD. If supported by the system, a value of zero
forces the user to change the password at next login.
-E, --expiredate expiredate
With this option the date when the account will be expired can be changed. expiredate has to be specified as number of days since
January 1st, 1970. The date may also be expressed in the format YYYY-MM-DD.
-I, --inactive inactive
This option is used to set the number of days of inactivity after a password has expired before the account is locked. A user whose
account is locked must contact the system administrator before being able to use the account again. A value of -1 disables this
feature.
-W, --warndays warndays
With this option the number of days of warning before a password change is required can be changed. This option is the number of
days prior to the password expiring that a user will be warned the password is about to expire.
FILES
passwd - user account information
shadow - shadow user account information
SEE ALSO passwd(1), passwd(5)AUTHOR
Thorsten Kukuk <kukuk@suse.de>
pwdutils November 2005 chage(1)