Hello once again,
a few days ago, I wrote the following message.
>I have been tasked with sending notifications to users when their
>account passwords are about to expire. I have been trying to
>determine the best way of determining this based upon the "passwd
>-sa" command which lists the following attributes for all accounts
>on the machine (white-space delimited):
>account_name status date_changed minimum_change maximum_change grace_period
>
>For example:
>sysadmin PS 11/13/99 1 60 7
>
>which means the sysadmin account is active, the password was changed
>on 11/13/99, passwords must remain for at least a day, it must be
>changed within 60 days, and there is a 7 day grace period.
>
>While trying to tackle the problem, I thought it might be best to do
>calculations based upon "seconds from the epoch" However, I can not
>find any bourne shell level utilities to do conversions from date to
>"seconds from the epoch" and back. I know there are C libraries
>that could be used, but I would rather not have to worry about
>compiling code, and I am hesitant to do perl, as not all of our
>machines are loaded with it.
>
>Does anyone have any good ideas?
I got feedback from a number of people, including:
Marcos Assis Silva, Jonathan Loh, Karl Vogel, Jim lewinson, Daniel
Lorenzini, Brad Young, Rick Caldwell, Keith Willenson, Mark Anderson,
Renny Koshy, and Vince Merrell.
I thank you all for your input in my dilemma.
Marcos Assis Silva was nice enough to provide me with binaries and
source code of two utilities: cftime and mktime. They convert times
back and forth between normal "date" output and "seconds from epoch".
I almost used this, but decided on another utility (more info later).
- Thanks Marcos!
I got some recommendations to use the GNU date utility (gdate?)
Rick Caldwell sent me some scripts that perform a similar function to
what I was trying to do, but for temporary license keys. It mainly
uses awk for parsing license files. He even sent me a patch for Y2K
fixes. Thanks Rick.
I also got some recommendations to do Time Zone modifications to do
my date math.
And the winner is (drumroll please :-):
Jonathan Loh made me aware of a date utility called mktime (not the
same one as Marcos') put out by John R. Macmillan. It can be had at
http://www.vex.net/~jrm/technogeek/source/mktime/index.html I
compiled this snippet of code, followed the included man page, and
was able to complete my script quickly. I have included my script
below for anyone who is interested. It calls mktime, and uses it to
return a list of accounts that are about to expire. Thanks Jonathan!
(and of course John Macmillan)
My script:
#!/bin/sh
#
# Copyright (c) 2000, by TKC Solutions, LLC
# Distributed as Freeware
#
# checkexpire.sh
#
# This script uses an executable compiled from the mktime source code from
# John R MacMillan (john@weirdways.com) The source of mktime can be had at
# http://www.vex.net/~jrm/technogeek/source/mktime/
#
# This script uses the "passwd -sa" command to get the list of accounts on the
# system, do some simple checking for accounts with expiration, and list those
# accounts that are due for changing soon. All commands are based upon syntax
# used in Sun Solaris 2.x as of January 2000.
#Modify as necessary for the path to the mktime, passwd, and grep binaries
MKTIME=/export/home/morganj/mktime
PSWD="/usr/bin/passwd -sa"
GREP="/usr/bin/grep"
export PSWD MKTIME GREP
# The following command parses the password file and singles out the accounts
# with exipiration.
$PSWD | $GREP PS | $GREP -v "00/00/00" > /tmp/passexp.dat
# This script assumes output of the passwd -sa command to have the following
# columns:
# account_name status pw_chg_date [min_change] max_change warn_days
# min_change is optional, but all other arguments must be there.
while read nm st dt v1 v2 v3
do
# Today's date in seconds from the epoch
todaytime=`$MKTIME -F '%t' -z`
# Checking for minimum arguments
if [ "abc$v1" = "abc" -o "abc$v2" = "abc" ]
then
continue
fi
# if v3 is empty, then there was no min_change argument. Shift variables
# as if there were.
if [ "abc$v3" = "abc" ]
then
v3=$v2
v2=$v1
fi
# get month date and year, convert 2 digit date to 4 digit date. I am using
# a 100 year window from 1991 through 2090.
# This Script is NOT Y2.091K compliant :-)
mo=`echo $dt | cut -b 1-2`
da=`echo $dt | cut -b 4-5`
yr=`echo $dt | cut -b 7-8`
if [ $yr -le 90 ]
then
yr=`expr $yr + 2000`
else
yr=`expr $yr + 1900`
fi
# use mktime to calculate seconds since the epoch
chgtime=`$MKTIME -F '%t' -z -D "$yr-$mo-$da"`
# calculate password expiration date
duetime=`expr $chgtime + $v2 \* 86400 `
# convert expiration date back to normal date form
duedate=`$MKTIME -t $duetime`
# calculate how far we are from expiration and compare to warning value
difftime=`expr $duetime \- $todaytime`
diffday=`expr $difftime \/ 86400`
if [ $diffday -le $v3 ]
then
echo "account $nm has $diffday days left to change password.
grace period is
$v3"
echo "account $nm expires on $duedate"
fi
done < /tmp/passexp.dat
rm /tmp/passexp.dat
exit 0
=============================================================================
Jay Morgan Work E-Mail: jay@tkcsolutions.com
Managing Partner Personal E-Mail: jhmorgan@mindspring.com
TKC Solutions LLC Phone: 770-671-8084 (use Mobile)
3380 Villa Robleda Dr. FAX: 650.618.1460
Mountain View, CA 94040
5125 Foxwood Ct. Home: 770-522-8611
Atlanta, GA 30360 Mobile: 770-329-4477
============================================================================
The surest way to corrupt a youth is to instruct him to hold in
higher regard those who think alike than those who think differently.
-- Unknown
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:01 CDT