
11-29-12, 13:30
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
|
check for password expiration
|
|
What is the easiest way to check when a user's password will expire and send a notification email? On Linux, I can use the chage command to get the "Password expires" date. But on AIX, the lsuser command gives me maxage, but that doesn't tell me when it will expire.
The password for our db2 user ids is set to expire every 90 days on some AIX/Linux servers. We don't log in using the db2 id (sudo from our personal id), so we don't get notified that it will soon expire. When the password expires, crontab jobs for db2 stop running.
Can you please suggest something I can use for both AIX and Linux? Preferably, something that I can run without using root.
|
|

11-29-12, 14:01
|
|
Registered User
|
|
Join Date: Feb 2006
Posts: 152
|
|
Check out the info on this page and see if it is what you are looking for:
Password expiry
|
|

11-30-12, 09:35
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
|
|
What I'd like to do is to automatically reset the password; it doesn't matter what it gets reset to since we don't really need to know it. I found the chpasswd command that I could use on AIX/Linux, but it looks like it requires root. Is there anything available on AIX/Linux that will allow a regular user id to reset its own password other than changing it with passwd?
|
|

11-30-12, 11:11
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
If your intent is to automatically reset the password, and if you don't need to know it, then why not just change the maxage to 'never expires'?
|
|

11-30-12, 11:20
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
I wish I could just change it to never expire - violates ITCS104. But there is an exception on some servers and it's set to not expire - makes sense if login/rlogin is disabled.
|
|

11-30-12, 14:20
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
The chmod command has a -s option that allows the program/script to be executed as if it were run by the owner of the script rather than the login name of the user. If you were to do this, you should put the script in a directory that few people have access to.
|
|

11-30-12, 14:46
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
Do you mean I create a script using root and then set SUID/GUID? Something like this:
root@xxxxx
> chmod ug+s test
root@xxxxx
> ls -l test
-r-sr-s--- 1 root system 0 Nov 30 14:41 test
Do I put chpasswd command in the script and schedule it in crontab of my db2 user?
|
|

11-30-12, 15:25
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
Yes (very guardedly). There should be very few members in the group that can execute this script.
Do you know if 'chpasswd' takes its input from stdin or stderr? You can test this simply by creating a file with a password in it (twice if chpasswd asks twice) and running it as:
where data contains
If chpasswd does not use stdin then you have to write a script using expect.
Try this with a test account, or have two open sessions so that you can restore the password if the change works or, worse, changes the password to something with a carriage return in it.
|
|

11-30-12, 15:41
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
I've never used chpasswd before, just read about it this morning here: Password maintenance
Looks like it takes its input from stdin.
I'll try it on some test server.
Thank you.
|
|

11-30-12, 15:58
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
What is the output of 'ls -l chkpasswd' and 'ls -l pwgen'?
|
|

11-30-12, 16:01
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
pwgen is not installed:
> ls -l /usr/bin/chpasswd
-r-x------ 1 root security 10228 Jun 11 18:14 /usr/bin/chpasswd
> which pwgen
no pwgen in /usr/bin /etc /usr/sbin /usr/ucb /usr/bin/X11 /sbin /usr/java14/jre/bin /usr/java14/bin
|
|

11-30-12, 16:04
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
Thanks, I'll do something with it over the weekend.
|
|

11-30-12, 16:05
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
The previous output is from AIX.
This one is from Linux:
# which chpasswd
/usr/sbin/chpasswd
# ls -l /usr/sbin/chpasswd
-rwxr-xr-x 1 root root 78872 Mar 3 2011 /usr/sbin/chpasswd
|
|

11-30-12, 16:06
|
|
∞∞∞∞∞∞
|
|
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,180
|
|
Thank you. Don't spend too much of your time...
|
|

11-30-12, 17:31
|
|
Programming since 1BC
|
|
Join Date: Sep 2009
Location: Ontario
Posts: 825
|
|
Try this:
Code:
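#!/bin/sh
# Build an 8-character password from character codes 48..121, then set it.
# Assumes a `random N` utility that prints an integer in 0..N-1, and an
# echo that interprets backslash escapes (\n, \0nnn, \c).
i=1
pw1=""
pw2=""
while [ "$i" -le 8 ]
do
    p=`random 74`
    p=`expr "$p" + 48`
    # Skip backslash (92) and backquote (96).
    if [ "$p" -eq 92 -o "$p" -eq 96 ]
    then
        p=`expr "$p" + 1`
    fi
    # Convert the code to octal, then to the character itself.
    pw1=`echo "obase = 8\n$p\n"|bc`
    pw1=`echo "\0$pw1\c"`
    pw2="$pw2$pw1"
    i=`expr "$i" + 1`
done
#echo
# Quoted so that ? [ ] in the password are not expanded as filename patterns.
echo "$pw2" >>/home/db2/currentpassword
echo "db2:$pw2" |chpasswd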
Add to root's cron jobs to run once per month.
Make sure that /home/db2/currentpassword is only readable by root and db2.
|
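A variant of the rotation script above that draws the password from /dev/urandom and replaces the stored copy instead of appending to it. This is an added example, not code from the thread: it assumes /dev/urandom exists, reuses the db2 account and /home/db2/currentpassword path from the post, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the thread's script. Assumed: /dev/urandom exists; the
# account name and file path are the ones from the post above.
PW_LEN=16
ALPHABET='A-Za-z0-9._'   # 64 symbols; no ':' '\' or shell metacharacters

# Print PW_LEN characters from the kernel CSPRNG. tr -dc drops every byte
# outside ALPHABET (rejection sampling), so there is no modulo bias.
gen_password() {
    pw=''
    while [ "${#pw}" -lt "$PW_LEN" ]; do
        chunk=$(dd if=/dev/urandom bs=64 count=1 2>/dev/null |
                LC_ALL=C tr -dc "$ALPHABET")
        pw="$pw$chunk"
    done
    cut -c1-"$PW_LEN" <<EOF
$pw
EOF
}

# Replace (never append to) the stored password: $1=file $2=owner $3=password.
store_password() {
    (
        umask 077            # temp file is created 0600
        set -C               # noclobber: fail on a pre-planted file or symlink
        tmp="$1.$$"
        cat > "$tmp" <<EOF &&
$3
EOF
        chown "$2" "$tmp" && chmod 400 "$tmp" && mv -f "$tmp" "$1"
    )
}

# Set the new password first and record it only if chpasswd accepted it.
# Here-documents keep the secret out of every command's argument list.
rotate_password() {          # $1=account $2=password file
    new=$(gen_password) || return 1
    chpasswd <<EOF || return 1
$1:$new
EOF
    store_password "$2" "$1" "$new"
}

# From root's crontab: /path/to/this_script rotate
if [ "${1:-}" = rotate ]; then
    rotate_password db2 /home/db2/currentpassword
fi
```

On AIX, chpasswd sets the ADMCHG flag by default, which forces a password change at the next login, so check the account with `pwdadm -q db2` after a test run.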