Here’s a simple KSH script that will give you the expiry date for a user account on a remote AIX server. Assumes ssh access to remote server is already setup and perl installed and working.
Essentially, what we are doing is checking the maxage for the user (in weeks) and converting to seconds, then getting the lastchange attribute for the user and adding these two values together. Then we convert this total from seconds (from epoch) to a readable date. Simples.
#!/bin/ksh # Quick script to determine when expiry date of a user is syntax() { echo "syntax : has-user-expired.sh [username] [hostname]" exit 1 } [[ $# -lt 2 || $# -gt 2 ]] && syntax user=$1 node=$2 # Ping the target server to make sure it's alive & if it does check the user exists ssh $node "lsuser $user" >/dev/null 2>&1 RC=$? case $RC in 255) # Host did not resolve echo "$node not found" exit 2 ;; 2) # User did not exist echo "$user does not exist on $node" exit 3 ;; 0) # User and host ok ;; *) # Unhandled error echo "Unhandled error : $RC" exit 4 ;; esac # Get the last time the user changed the password lastchange=$(ssh $node "pwdadm -q $user"| grep lastupdate| awk -F= '{print $2}'|sed 's/ //') # If lastchange is blank it's probably because the user is using AD auth [[ "$lastchange" = "" ]] && echo "User not using AIX auth. Maybe AD auth?" && exit 5 # Get the maxage for the user age=$(ssh $node "lsuser -f $user"|grep maxage|awk -F= '{print $2}') # Work out the maxage in seconds maxsecs=$(expr 604800 \* $age) # Work out the expiry date in epoch time expiry=$(expr $lastchange + $maxsecs) # Convert the expiry to a real date expdate=$(perl -le "print scalar localtime $expiry") echo "User $user on $node expires (or expired) on $expdate" exit 0 |
This script DOESN’T handle new users yet (i.e. a new account where the user hasn’t yet changed the password). It’s on the list 🙂