Thanks to all who responded on this.
Here's my original question:
>
> Hello,
>
> Is there anyway under DU 4.0B (C2 enabled) that I can display the
time
> & date that a user last changed their password. I've tried looking for
> this under "dxaccounts" but can't find anything. I know its probably
> buried somewhere down in "/tcb/files/auth" in seconds, but was
> wondering if there is a friendlier way to display this information via
> dxaccounts as it seems like it should be able to do this sort of
thing.
>
> TIA,
> clos_at_nhb.com
>
The short answer to this question is that dxaccounts currently does not
have a way to display the time/date of a last password change. Most
respondents suggested that this info can be extracted using the
following command:
try /usr/tcb/bin/edauth -g <username>
See the man page for edauth, and prpasswd to
understand the fields in the database.
The fields of interest in the prpasswd database are u_succchg and
u_unsucchg. These fields are in seconds and can converted to
day/month/year hours:minutes:secs (or some other format) via your own
custom written script or program. Here are 2 example programs I
received.
Start-of-Example-1~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Matt Moore <moorem_at_storm.bucks.edu>
I'm not sure if you can do it from dxaccounts but I like to do things
from the shell because it is a LOT faster, especially if you have a lot
of accounts (we have about 10,000). You can view or change anything you
want if have some good scripts to do the job. Here is a perl script to
display the date of the last password change:
------------------------< Cut Here >---------------------------------
#!/usr/bin/perl
# File: pwchange
# Usage: pwchange username
# You must be root to run this program
$LINE = `edauth -g $ARGV[0] | grep u_succhg`;
_at_FIELDS = split(/:/,$LINE);
foreach (_at_FIELDS) {
if ( $_ =~ /u_succhg/ )
{ ($junk,$TIME) = split(/#/);} }
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($TIME);
$mon++;
print "Password Changed: $mon/$mday/$year $hour:$min:$sec \n";
------------------------< Cut Here >---------------------------------
BTW - everything you need to decode the values in the authdb is in the
man pages for prpasswd.
End-of-Example-1~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is an example of a C program received.
From: John Ferlan <ferlan_at_zk3.dec.com>
The program I sent you would do what you want if you had the time
already
available... in order to "read" the time you should take as input a
username, then call getespwnam() on the user (see the man page) - and
then
pass to the time printing routine the prpwd->ufld->fd_schange if it's
available (prpwd->uflg->fg_schange)...
Yes you'll have to do a little bit of coding from what I sent you, but
it
shouldn't be too hard... My code takes as input an integer value and
converts it...
Start-of-Example-2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/* passchg.c
*
* Just a little program to show how you can
* print the last successful/unsuccessful password
* change for the account you have logged into
*/
#include <sia.h>
#include <siad.h>
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
#include <time.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>
void print_time (time_t timbuf)
{
char *loc; /* the current locale */
char *dt_format; /* strftime format */
struct tm *tvp; /* Pointer to localtime return */
char timestr[128];
loc = setlocale(LC_TIME, NULL);
if (!strcmp(loc, "POSIX") || !strcmp(loc, "C"))
dt_format = "%a %b %e %H:%M:%S %Z %Y";
else
dt_format = "%c"; /* Leave it up to libc */
tvp = localtime(&timbuf);
(void)strftime(timestr, sizeof timestr, dt_format, tvp);
printf ("Time is: %s\n", timestr);
}
/*============================MAIN
PROGRAM==============================*/
main(int argc, char *argv[])
{
time_t read_time;
int retval = 0;
if (argc == 2) {
read_time = (time_t)atoi(argv[1]);
print_time(read_time);
} else {
printf ("Bad format - usage - prtime <timeval>\n");
retval = 1;
}
return retval;
}
End-of-Example-2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received on Tue Mar 23 1999 - 01:20:37 NZST