I can check that the user is expired or not with:
lsuser -f USERNAME | fgrep expires
But how can I check that the user's password is expired or not? Are there any other "expiring" things that can cause trouble? [so that user can't login, because he can only reach a server through FTP and his password expired, and he can't change it, because he hasn't got SSH access to give out the "passwd" command to update his password.]
Best Answer
Is there any
chage
sort of command on AIX? check /etc/shadow file thats where the expiry information is stored.Update: It seems there is a passwdexpired subroutine that can be loaded and Checks the user's password to determine if it has expired. However, it seems to be used as root.
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpasswdexpired.htm
This link has excellent documentation of what you would require
http://www.torontoaix.com/scripting/when_pwd_exp
As demonstrated earlier in the above article, the expiry of a password is governed by the maxage attribute.
AIX stores the time in the epoch format in seconds, so first you must determine how many seconds in a week, as this is how maxage measures the time between password expiry, that is in week numbers. There are 86400 seconds in a day, so multiplying that by seven comes in at 604800. So there are 604800 seconds in a week. The next command you need to look at is the pwdadm, which in turn queries the file /etc/security/passwd. This file holds the values in seconds when a user last changed their password. Interrogating the file or using the pwdadm command will return the same result. For this demonstration, let us query the user spoll:
You can see the lastupdate value in seconds from the above output. In other words, the last time the password was changed: 1274003127
Next, using the lsuser or interrogating the file with /etc/security/user, you can determine the number of weeks before the user spoll password will expire:
You can see from the above output that the number of weeks before password expiry is 4. The next task is then to multiply the number of seconds in a week by the number of weeks before the user spoll password is due to expire. In this case, it is 4: 604800 * 4
Next, you need to add the maxage value in seconds (604800 * 4) to the last time the password was changed: 2419200 + 1274003127
You can now convert that number of seconds from UNIX epoch into a more meaningful current time presentation. You can use different tools, but for this demonstration you'll use gawk with the strftime function:
The above calculation gives the time of the next password expiry. So, you now know that user spoll's password was last changed on ( from the pwdadm command):
And that it will expire on:
------------------Perl script-let--------