Password Aging

At the Circus we have a password policy to change all passwords every 90 days. Today it was brought to my attention that one of the Linux servers was not following that policy. I confirmed that was true, and after a little digging I found that it was only accounts that had been migrated from AIX to Linux. But we couldn’t force around 2000 users to all change their passwords at the same time because we would inundate the help desk.

This is the script that I wrote to fix the problem and distribute the password changes over a month. The result is that there are only 78 users per day that are forced to change their password every day over that 28-day period.

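#!/bin/bash
# 2011-01-28
# Jud Bishop
# Checks for passwords set to never expire and gives an expiration date.
# Distributes the password changes over a 28 day spread.

X=0

# Walk every account name in /etc/passwd.
for I in $(cut -d: -f1 /etc/passwd)
do
        #echo $I
        #chage -l $I | egrep "Password expires" | cut -d : -f 2

        # First word of the "Password expires" value: "never" or a month name.
        DATE=$(chage -l "$I" | grep -E "Password expires" | cut -d: -f2 | cut -d' ' -f2)
        # Quoted so an empty result (chage failed) does not break the test.
        if [ "$DATE" = "never" ]
        then
                echo "$I"
                # Cycle X through 1..28 so accounts are spread over 28 days.
                if [ "$X" -le 27 ]
                then
                        X=$((X + 1))
                else
                        X=1
                fi
                echo "$X" "$I"
                # Backdate the last change to 2010-11-X and set a 90 day maximum age.
                chage -d "2010-11-$X" -M 90 "$I"
        fi
done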
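
A dry-run variant of the staggering logic above, as an added example that is not from the original post: it reads passwd- and shadow-format files, skips system accounts, and prints the `chage` commands it would run so the spread can be reviewed before anything changes. The function names, the UID floor of 1000, the test for "never expires" (shadow max-age field empty, negative, or 99999 and above) and the sample account data are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original author's script.
# plan_aging PASSWD SHADOW [MIN_UID] [YYYY-MM] [DAYS]
# Prints one chage command per account whose password never expires.
# Assumption: "never expires" means shadow field 5 (max age) is empty,
# negative, or >= 99999. Assumption: human accounts have UID >= MIN_UID.
plan_aging() {
    local passwd_file="$1" shadow_file="$2"
    local min_uid="${3:-1000}" base="${4:-2010-11}" days="${5:-28}"
    awk -F: -v min="$min_uid" -v base="$base" -v days="$days" '
        # First file (passwd format): remember accounts at or above the UID floor.
        NR == FNR { if ($3 + 0 >= min) human[$1] = 1; next }
        # Second file (shadow format): accounts with no effective maximum age.
        ($1 in human) && ($5 == "" || $5 + 0 < 0 || $5 + 0 >= 99999) {
            day = (n++ % days) + 1      # round-robin over days 1..DAYS
            printf "chage -d %s-%02d -M 90 %s\n", base, day, $1
        }
    ' "$passwd_file" "$shadow_file"
}

# Constructed sample data (not real accounts or hashes).
demo() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed:14900:0:99999:7:::
daemon:*:14900:0:99999:7:::
alice:$6$constructed:14900:0:99999:7:::
bob:$6$constructed:14900:0:90:7:::
carol:$6$constructed:14900:0::7:::
EOF
    plan_aging "$dir/passwd" "$dir/shadow" 1000 2010-11 28
    rm -rf "$dir"
}

demo
```

Against the real files this needs read access to /etc/shadow; the printed commands can be reviewed and then run as root.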