Here’s a simple KSH script that will give you the password expiry date for a user account on a remote AIX server. It assumes ssh access to the remote server is already set up and that perl is installed and working.

Essentially, we read the user’s maxage (in weeks) and convert it to seconds, then read the lastupdate attribute for the user (held in the script as lastchange) and add the two values together. Finally we convert that total, which is in seconds since the epoch, to a readable date. Simples.

#!/bin/ksh
# Quick script to determine when the password of a user expires
syntax()
{
        echo "syntax : has-user-expired.sh [username] [hostname]"
        exit 1
}
 
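[[ $# -ne 2 ]] && syntax
 
user=$1
node=$2

# Both values end up inside ssh command lines, so accept only plain names:
# no leading '-' (would be read as an option) and no shell metacharacters
for arg in "$user" "$node"
do
        case $arg in
                ""|-*|*[!A-Za-z0-9._-]*)        syntax ;;
        esac
done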
 
# Connect to the target server over ssh to make sure it's reachable & if it is, check the user exists
ssh "$node" "lsuser $user" >/dev/null 2>&1
RC=$?
case $RC in
        255)    # ssh itself failed (host did not resolve, unreachable, auth failure)
                        echo "$node not found"
                        exit 2
                        ;;
        2)              # User did not exist
                        echo "$user does not exist on $node"
                        exit 3
                        ;;
        0)              # User and host ok
                        ;;
        *)              # Unhandled error
                        echo "Unhandled error : $RC"
                        exit 4
                        ;;
esac
 
# Get the last time the user changed the password
lastchange=$(ssh "$node" "pwdadm -q $user" | grep lastupdate | awk -F= '{print $2}' | sed 's/ //')
 
# If lastchange is blank it's probably because the user is using AD auth
[[ "$lastchange" = "" ]] && echo "User not using AIX auth. Maybe AD auth?" && exit 5
 
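# Get the maxage for the user
age=$(ssh "$node" "lsuser -f $user" | grep maxage | awk -F= '{print $2}')

# Both values must be plain numbers before we do arithmetic on them
for n in "$lastchange" "$age"
do
        case $n in
                ""|*[!0-9]*)    echo "Unexpected lastupdate/maxage value : $n"; exit 6 ;;
        esac
done

# maxage=0 means the password has no maximum age, so there is no expiry date
[[ $age -eq 0 ]] && echo "User $user on $node has maxage=0, password does not expire" && exit 0
 
# Work out the maxage in seconds
maxsecs=$(expr 604800 \* $age)
 
# Work out the expiry date in epoch time
expiry=$(expr $lastchange + $maxsecs)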
 
# Convert the expiry to a real date
expdate=$(perl -le "print scalar localtime $expiry")
echo "User $user on $node expires (or expired) on $expdate"
 
exit 0

This script DOESN’T handle new users yet (i.e. a new account where the user hasn’t yet changed the password). It’s on the list 🙂
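The same arithmetic as a local function, as an added example that is not part of the original script: it parses `pwdadm -q` stanza text and keeps apart the cases the date calculation cannot cover (non-numeric values, a maxage of 0, no lastupdate line). The function names, status words and sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline version of the expiry arithmetic, so the edge
# cases can be checked without a remote AIX host.

WEEK=604800   # seconds per week; maxage is expressed in weeks

# Constructed samples of "pwdadm -q <user>" output (not captured from a server)
SAMPLE_LOCAL='jsmith:
        lastupdate = 1700000000
        flags = '
SAMPLE_NOUPDATE='jsmith:'

# stanza_value ATTR: read "attr = value" stanza lines on stdin, print the value
stanza_value() {
    awk -F= -v want="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == want { val = $2; gsub(/[ \t]/, "", val); print val; exit }'
}

# pw_expiry PWDADM_TEXT MAXAGE
# Prints the expiry as an epoch value, or one of the status words
# never / no-lastupdate / bad-maxage / bad-lastupdate.
pw_expiry() {
    last=$(printf '%s\n' "$1" | stanza_value lastupdate)

    # Never feed unchecked remote output into shell arithmetic
    case $2 in
        ""|*[!0-9]*) echo "bad-maxage"; return 1 ;;
    esac
    case $last in
        "")       echo "no-lastupdate"; return 0 ;;   # nothing to add maxage to
        *[!0-9]*) echo "bad-lastupdate"; return 1 ;;
    esac

    # maxage=0 means no maximum age: there is no expiry date to compute
    if [ "$2" -eq 0 ]; then
        echo "never"
        return 0
    fi

    echo $(( last + $2 * WEEK ))
}

pw_expiry "$SAMPLE_LOCAL" 13    # → 1707862400
```

The epoch value it prints can be passed to the same `perl -le "print scalar localtime ..."` call the script uses.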