Hi,
I'm trying to write a script that will detect if an account is due to be (or has been) disabled so users get sent an email notification telling them to change there password or login to make sure the account is not disabled for being inactive for too long.
The password expiry part is easy enough to do but detecting the time of the last login reliably is giving me problems.
NOTE: I don't want to look at last logs to get the last login time because they are rotated off the box frequently.
# chage -l <account> Minimum: 0 Maximum: 60 Warning: 14 Inactive: 60 Last Change: Sep 10, 2004 Password Expires: Nov 09, 2004 Password Inactive: Jan 08, 2005 Account Expires: Never
So if this account is inactive for 60 days, it gets locked. I need to be able to detect this reliably. According to the man page, this information should be stored in the shadow file (see below).
# man 5 shadow ---snip--- shadow contains the encrypted password information for user's accounts and optional the password aging information.
Included is Login name Encrypted password Days since Jan 1, 1970 that password was last changed Days before password may be changed Days after which password must be changed Days before password is to expire that user is warned Days after password expires that account is disabled Days since Jan 1, 1970 that account is disabled A reserved field ---snip---
# cat /etc/shadow | grep <account> proxy:<crypted_pwd>:12671:0:60:14:60::
The last two values aren't set in the shadow file for this account. Is there any way to get this information? Is there some reason that these fields are not defined in the /etc/shadow file?
Thanks,
Paul
