10/29/13

How to check that a user/password is expired in AIX? - Unix & Linux Stack Exchange

Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like
operating systems.. It's 100% free, no registration required.

Tell me more

How to check that a user/password is expired in AIX?

I can check that the user is expired or not with:
lsuser -f USERNAME | fgrep expires

But how can I check that the user's password is expired or not? Are there any other "expiring" things that can cause trouble? [so that user
can't login, because he can only reach a server through FTP and his password expired, and he can't change it, because he hasn't got SSH
access to give out the "passwd" command to update his password.]
/ password

/ aix

asked Nov 3 '11 at 22:46

LanceBaynes
1,449

55

157

3 Answers
Is there any chage sort of command on AIX? check /etc/shadow file thats where the expiry
information is stored.
Update: It seems there is a passwdexpired subroutine that can be loaded and Checks the user's
password to determine if it has expired. However, it seems to be used as root.
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?
topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpasswdexpired.htm
This link has excellent documentation of what you would require
http://www.torontoaix.com/scripting/when_pwd_exp
As demonstrated earlier in the above article, the expiry of a password is governed by the maxage
attribute.
For example:
maxage=0 means never to expire
maxage=2 means will expire in two weeks.

AIX stores the time in the epoch format in seconds, so first you must determine how many
seconds in a week, as this is how maxage measures the time between password expiry, that is
in week numbers. There are 86400 seconds in a day, so multiplying that by seven comes in at
604800. So there are 604800 seconds in a week. The next command you need to look at is the
pwdadm, which in turn queries the file /etc/security/passwd. This file holds the values in seconds
when a user last changed their password. Interrogating the file or using the pwdadm command
will return the same result. For this demonstration, let us query the user spoll:
# grep -p "spoll:" /etc/security/passwd
spoll:
password = EvqNjMMwJzXnc
lastupdate = 1274003127
flags =

ADMCHG

# pwdadm -q spoll
spoll:
lastupdate = 1274003127
flags = ADMCHG

You can see the lastupdate value in seconds from the above output. In other words, the last time
the password was changed: 1274003127
Next, using the lsuser or interrogating the file with /etc/security/user, you can determine the
number of weeks before the user spoll password will expire:
# grep -p "spoll:" /etc/security/user
spoll:
admin = false
maxage = 4
# lsuser -a maxage spoll

unix.stackexchange.com/questions/23923/how-to-check-that-a-user-password-is-expired-in-aix

1/2

10/29/13

How to check that a user/password is expired in AIX? - Unix & Linux Stack Exchange

spoll maxage=4

You can see from the above output that the number of weeks before password expiry is 4. The
next task is then to multiply the number of seconds in a week by the number of weeks before the
user spoll password is due to expire. In this case, it is 4: 604800 * 4
# expr 604800 \* 4
2419200

Next, you need to add the maxage value in seconds (604800 * 4) to the last time the password
was changed: 2419200 + 1274003127
# expr 2419200 + 1274003127
1276422327

You can now convert that number of seconds from UNIX epoch into a more meaningful current
time presentation. You can use different tools, but for this demonstration you'll use gawk with the
strftime function:
# gawk 'BEGIN {print strftime("%c",'1276422327')}'
Sun Jun 13 10:45:27 BST 2010

The above calculation gives the time of the next password expiry. So, you now know that user
spoll's password was last changed on ( from the pwdadm command):

# gawk 'BEGIN {print strftime("%c",'1274003127')}'

Sun May 16 10:45:27 BST 2010

And that it will expire on:

Sun Jun 13 10:45:27 BST 2010

------------------Perl script-let-------#!/bin/perl
use POSIX qw(strftime);
$maxage=4;
$last_update = 1274003127
$max_week_seconds = 86400 * $maxage;
print strftime("%C ", localtime($max_week_seconds));

edited Dec 5 '11 at 8:35

answered Dec 5 '11 at 5:29

Nikhil Mulley
3,744

28

convertthis-to-normal-time(last-pwdupdate-time-in-seconds+maxage-in-seconds)
answered Nov 5 '11 at 3:50
LanceBaynes
1,449

55

157

#!/bin/perl use POSIX qw(strftime); $maxage=4; $last_update = 1274003127 $max_week_seconds = 86400 *

$maxage; print strftime("%C ", localtime($max_week_seconds)); Nikhil Mulley Dec 5 '11 at 8:36

You can find out through the System Management Interface Tool (
is smitty
edited Nov 14 '12 at 15:21
Michael Mrozek
26.2k

10

82

smit).

The console version

answered Nov 14 '12 at 12:05

vdkknight
135

11

Answers generally require more explanation than a mere command name. Please elaborate, or move this to a
comment. jw013 Nov 14 '12 at 14:25
I would add to this answer, but I can't find the man page anywhere. Mentioning what flags to give it and what the
output will look like would be helpful Michael Mrozek Nov 14 '12 at 15:22

unix.stackexchange.com/questions/23923/how-to-check-that-a-user-password-is-expired-in-aix

2/2