Am Do, den 06.05.2004 schrieb Ow Mun Heng um 10:54:
> Hi,
>
> Normal practice when adding a new user is to batch load
> (with the same password)and then inform the user to change
> their username within a set period of time.
>
> The problem statement is.. how do I determine if the user
> has changed their password by the end of the grace period.
How about this: Run following commend, for ease of use embedded into a
shell script, used when creating new users:
USER=foo
grep $USER /etc/shadow | awk ' BEGIN { FS=":" } { print $1FS$2 } ' >>
/root/newusers
Then run by cron a task (hourly, daily or whatever you think fits your
circumstances) that compares the saved newuser username:hash entry with
whats current in /etc/shadow.
#!/bin/bash
cat /root/newuser | while read line; do \
USER=`echo $line | awk ' BEGIN { FS=":" } { print $1 } '` \
if [ "`grep $USER /etc/shadow | awk ' BEGIN { FS=":" } \
{ print $1FS$2 } '`" == "`echo $line`" ]; then \
echo "ATTENTION: $USER did not change initial password"
fi
done
This way root will get informed by cron generated mail about new users
with unchanged initial password.
> Cheer,
> OW
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2188.nptl
Sirendipity 14:29:45 up 9 days, 13:18, load average: 0.28, 0.20, 0.27
[ ÎÎÏÎÎ Ï'ÎÏÏÎÎ - gnothi seauton ]
my life is a planetarium - and you are the stars
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
