Password last changed

Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Password last changed
# 1  
Old 06-28-2011
Password last changed

I am doing an audit and thought I knew what I was doing, but reading through the posts I came into doubt.
On Sun Solaris, I want to know when users last changed their passwords. I have the etc/shadow files and there is a nice field showing this. Except that it is disturbing me somewhat that for example the root password is indicated as having been last changed in 1987 on a computer that was installed in 2011? Some users have apparently never changed their passwords, despite that we have password rules in place, in etc/passwd.
Searching the forums here I found 2 threads dealing with password change logging, but the answer seems to be that there is no trace of last password change and that the login process does not write to the shadow file - and then I'm confused to bits! The man page says that last password change is written to shadow. It also indicates if the last login was successful. I am not talking about accounts marked with LK or NP. Smilie

Can somebody tell me the "truth" (and nothing but ...)
# 2  
Old 06-28-2011
The "logins" command may help. See "man logins".
The output from this command is suitable for processing in scripts but beware that dates are in American format.
logins -xto

# 3  
Old 06-28-2011
Found this script online. Try running this and see what your results show and then please paste them if you can. Does it still show 1987?

  # Output date format is YYYY-MM-DD
  open( S, "/etc/shadow" );
  while( <S> ) 
 ($user,$lastchg) = (split /:/)[0,2];
  @t = localtime( $lastchg*86400 );
  printf "User %-8s last changed password %0.4d-%0.2d-%0.2d (%5d)\n",
  $user, $t[5]+1900, $t[4]+1, $t[3], $lastchg; 
 close( S ); 
 exit 0;

Last edited by Scott; 06-28-2011 at 06:30 PM.. Reason: Please use code tags
# 4  
Old 06-29-2011
I can't run the script, because I don't have access to unix/linux at work. The first 3 columns are "root, encrypted pwd, 6445". The 6445 is to my understanding the days counting from 1/1/1970, i.e. 25 August, 1987. Is that not correct?
Update: I came to think, could it be that the machine has been installed from a backup tape or an image and hence inherits all this stuff?

Another question for me is that in the shadow file, there are the columns min and max password days to change, which generally, but not always, are from the default password policy. If these columns are empty, does it mean that these rules do not apply (that's what I think) or that the default policy applies, except for root?

Last edited by Norgaard; 06-29-2011 at 07:15 AM..
# 5  
Old 06-29-2011
You are right in that if the columns for min and max are not in the shadow file then the policy isnt yet affecting the account. Usually if you have a password policy in place then once the pw is reset those settings would come into play.

You are also right about the 6445 in the shadow file being days since Jan 1 1970.

Alot of applications that help sync passwords from machine to machine may copy the shadow entry for root from one box to another, someone or something may have copied this simply to sync the root pw using like a sed script.
# 6  
Old 06-30-2011
OK, thx. Then I am not as mad as I feared!
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

2. Shell Programming and Scripting

Check when the password has been changed lastly

Hi, I wanted to check when the password of a current user(logged in) has been changed recently. I tried with the commands like passwd -s name logins -x -l username everthingbut it shows not a super user Which commands will help me.. Kindly help.. Thanks in advance. (3 Replies)
Discussion started by: Pranavi
3 Replies

3. AIX

Root password changed but old one still works

Hello i am running AIX 6.1. i recently changed the root password using passwd and pwdadm. while the new password works fine, i am still able to login using the old password. is there anyway this can disabled\fixed thanks (5 Replies)
Discussion started by: dnlsingh
5 Replies

4. Shell Programming and Scripting

Script to echo "File permissions or ownership changed from required " when accidentally changed.

Hi All, I have to work in the late nights some times for server maintenance and in a hurry to complete I am accidentally changing ownership or permission of directories :( which have similar names ( /var in root and var of some other directory ).:confused: Can some one suggest me with the... (1 Reply)
Discussion started by: shiek.kaleem
1 Replies

5. Red Hat

Password not changed!

Hi I am using Fedora 14. I forgot root password of Fedora 14 so I used online help from Fedora website which says by doing rheb silent 1 and then using proper kernel and then using psswd for changing the password I changed it. But after normal booting GUI I am not able to log-on. Can anybody plz... (5 Replies)
Discussion started by: nixhead
5 Replies

6. Shell Programming and Scripting

Users who have never changed their password from /etc/shadow.

Hello, I have to do a script which returns users who have never changed their password from /etc/shadow. Here is what have I done and I'm not sure if it's ok. I tried to return just users who doesn;t have password set or are locked. Can be there other kind of user who never changed the... (3 Replies)
Discussion started by: catalint
3 Replies

7. Shell Programming and Scripting

Timezone not changed.

Hi All, While installing Red Hat Linux, I tried changing the timezone to Japan for testing.But the timezone was not set to Japan. I tried other timezones , but they didn't work as well. I am guessing the problem might be due to some missing rpm.Does anyone has any idea or faced a similar... (1 Reply)
Discussion started by: nua7
1 Replies

8. HP-UX

How I know "last password changed".

Hi all, My HP-UX server 11.11 trusted system. How I know when password was last changed. Thanks , arm_naja (4 Replies)
Discussion started by: arm_naja
4 Replies

9. UNIX for Dummies Questions & Answers

Have users changed their password

How can I know users have changed their passwords ? I don't need their password (!) I have to know if they have changed their pass word and when ? Thank you in advance for any SIMPLE answer. (6 Replies)
Discussion started by: annemar
6 Replies
Login or Register to Ask a Question