How to check that a user/password is expired in AIX?
Is there any chage
sort of command on AIX? check /etc/shadow file thats where the expiry information is stored.
Update: It seems there is a passwdexpired subroutine that can be loaded and Checks the user's password to determine if it has expired. However, it seems to be used as root.
This link has excellent documentation of what you would require
http://www.torontoaix.com/scripting/when_pwd_exp
As demonstrated earlier in the above article, the expiry of a password is governed by the maxage attribute.
For example:
maxage=0 means never to expire
maxage=2 means will expire in two weeks.
AIX stores the time in the epoch format in seconds, so first you must determine how many seconds in a week, as this is how maxage measures the time between password expiry, that is in week numbers. There are 86400 seconds in a day, so multiplying that by seven comes in at 604800. So there are 604800 seconds in a week. The next command you need to look at is the pwdadm, which in turn queries the file /etc/security/passwd. This file holds the values in seconds when a user last changed their password. Interrogating the file or using the pwdadm command will return the same result. For this demonstration, let us query the user spoll:
# grep -p "spoll:" /etc/security/passwd
spoll:
password = EvqNjMMwJzXnc
lastupdate = 1274003127
flags = ADMCHG
# pwdadm -q spoll
spoll:
lastupdate = 1274003127
flags = ADMCHG
You can see the lastupdate value in seconds from the above output. In other words, the last time the password was changed: 1274003127
Next, using the lsuser or interrogating the file with /etc/security/user, you can determine the number of weeks before the user spoll password will expire:
# grep -p "spoll:" /etc/security/user
spoll:
admin = false
maxage = 4
# lsuser -a maxage spoll
spoll maxage=4
You can see from the above output that the number of weeks before password expiry is 4. The next task is then to multiply the number of seconds in a week by the number of weeks before the user spoll password is due to expire. In this case, it is 4: 604800 * 4
# expr 604800 \* 4
2419200
Next, you need to add the maxage value in seconds (604800 * 4) to the last time the password was changed: 2419200 + 1274003127
# expr 2419200 + 1274003127
1276422327
You can now convert that number of seconds from UNIX epoch into a more meaningful current time presentation. You can use different tools, but for this demonstration you'll use gawk with the strftime function:
# gawk 'BEGIN {print strftime("%c",'1276422327')}'
Sun Jun 13 10:45:27 BST 2010
The above calculation gives the time of the next password expiry. So, you now know that user spoll's password was last changed on ( from the pwdadm command):
# gawk 'BEGIN {print strftime("%c",'1274003127')}'
Sun May 16 10:45:27 BST 2010
And that it will expire on:
Sun Jun 13 10:45:27 BST 2010
------------------Perl script-let--------
#!/bin/perl
use POSIX qw(strftime);
$maxage=4;
$last_update = 1274003127
$max_week_seconds = 86400 * $maxage;
print strftime("%C ", localtime($max_week_seconds));
Related videos on Youtube
LanceBaynes
Updated on September 18, 2022Comments
-
LanceBaynes almost 2 years
I can check that the user is expired or not with:
lsuser -f USERNAME | fgrep expires
But how can I check that the user's password is expired or not? Are there any other "expiring" things that can cause trouble? [so that user can't login, because he can only reach a server through FTP and his password expired, and he can't change it, because he hasn't got SSH access to give out the "passwd" command to update his password.]
-
Nikhil Mulley over 12 years#!/bin/perl use POSIX qw(strftime); $maxage=4; $last_update = 1274003127 $max_week_seconds = 86400 * $maxage; print strftime("%C ", localtime($max_week_seconds));
-
jw013 over 11 yearsAnswers generally require more explanation than a mere command name. Please elaborate, or move this to a comment.
-
Michael Mrozek over 11 yearsI would add to this answer, but I can't find the man page anywhere. Mentioning what flags to give it and what the output will look like would be helpful