[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: alerting users of expiring passwords

martin f krafft wrote:

> when a user's shadow password is about to expire, PAM prints
> a message about the expiration e.g. at login via SSH. However, if
> there is also a /etc/motd, the fact that it follows the warning
> obscures the warning and nobody sees it.
> What I would like to do is provide a more readily noticable warning,
> e.g. a notice before every shell command, or something along those
> lines. The question is: how do I check whether a user's password is
> about to expire from a script?

from shadow man page:

       shadow - encrypted password file

       shadow  contains  the  encrypted password information for user's
accounts and optional the
       password aging information.  Included is

            Login name

            Encrypted password

            Days since Jan 1, 1970 that password was last changed

            Days before password may be changed

            Days after which password must be changed

            Days before password is to expire that user is warned

            Days after password expires that account is disabled

            Days since Jan 1, 1970 that account is disabled

            A reserved field


I guess you can get it with 'cut' command. something like:
TIME=`grep <username> /etc/shadow | cut -d":" -f 5`
echo "your password will expire in $TIME days"

the problem is that you can run this commands only as root (users don't have
read permissions on shadow file), so you can redirect it to their mails.


> Or does anyone have a better solution?

Reply to: