Hello all,
I've been wrestling with the intricasies of the C2 auth structure to
try and determine which accounts are about to have their passwords
expire. I've got the basic check for password expiration down by grabbing info
from /etc/auth/system/default about password lifetime and taking the
difference from the last successful password changetime for each user using
edauth. However, I'd like to exclude users that are locked, retired, cannot
log in, etc...
I happened upon an account that I thought had been locked, yet edauth -g
showed u_lock_at_ (meaning the user was not locked). When I bring up dxaccounts,
the gui shows the account as being locked. This is on a DU4.0b patchkit #7
alphaserver 2100rm. The user entry looks like this:
regtmf:u_name=regtmf:u_id#204:u_pwd=<passwd omitted>:u_exp#0:\
:u_succhg#873730344:u_unsucchg#841875793:u_genpwd_at_:u_pwdict=<pwdict
omitted>:\
:u_genchars_at_:u_genletters_at_:u_oldcrypt#0:u_suclog#886606394:\
:u_suctty=INET#sis107.Berkeley.EDU:u_unsuctty=INET#sis107.Berkeley.EDU:u_unsuclog#891618324:u_numunsuclog#4:\
:u_lock_at_:chkent:
(excuse the messiness)
Another interesting thing I've run across is an account can be locked by
having u_pwd equal to any one of: "*Nologin", "Nologin", "nologin", "*".
Is this normal? Has anyone else delved this deeply into C2?
Thanks for any info.
-Saar Picker
--
====================================================================
Saar Picker saarp_at_socrates.berkeley.edu
CCS/SDA - Administrative Unix (510) 643-8168
UC Berkeley 261 Evans Hall
====================================================================
Received on Thu Mar 18 1999 - 02:29:51 NZDT