At the Circus we have a password policy to change all passwords every 90 days. Today it was brought to my attention that one of the Linux servers was not following that policy. I confirmed that was true, and after a little digging I found that it was only accounts that had been migrated from AIX to Linux. But we couldn't force around 2000 users to all change their passwords at the same time, because we would inundate the help desk.
This is the script that I wrote to fix the problem and distribute the password changes over a month. The result is that only 78 users per day are forced to change their password over that 28-day period.
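```bash
#!/bin/bash
# 2011-01-28
# Jud Bishop
# Checks for passwords set to never expire and gives an expiration date.
# Distributes the password changes over a 28 day spread.

X=0
for I in $(cut -d: -f1 /etc/passwd)
do
    #echo $I
    #chage -l $I | egrep "Password expires" | cut -d : -f 2
    # Second space-separated word after the colon on the
    # "Password expires" line, e.g. "never".
    DATE=$(chage -l "$I" | grep "Password expires" | cut -d: -f2 | cut -d' ' -f2)
    if [ "$DATE" = "never" ]
    then
        echo "$I"
        # Cycle X through 1..28 so accounts are spread evenly.
        if [ "$X" -le 27 ]
        then
            X=$((X + 1))
        else
            X=1
        fi
        echo "$X $I"
        # Backdate the last password change to day X of November 2010 and
        # set a 90 day maximum age, so expirations fall on 28 different days.
        chage -d "2010-11-$X" -M 90 "$I"
    fi
done
```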
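Before running a change like this against 2000 accounts, it helps to see the plan first. The following dry-run planner is an added example, not part of the original script: it reads shadow(5)-format lines, prints the `chage` commands that would be issued, and changes nothing. It goes beyond the script above by skipping locked accounts; the function names, the sample data, and the rule that an empty or 99999 maximum age means "never" are assumptions of this example.

```bash
#!/bin/bash
# Added example: dry-run planner for the staggered expiry. Prints commands only.

# Constructed sample in shadow(5) format: name:hash:lastchg:min:max:warn:...
SAMPLE_SHADOW='root:$6$constructed$hash:14900:0:99999:7:::
daemon:*:14900:0:99999:7:::
alice:$6$constructed$hash:14900:0:99999:7:::
bob:$6$constructed$hash:14900:0:90:7:::
carol:$6$constructed$hash:14900:0::7:::
dave:!$6$constructed$hash:14900:0:99999:7:::
erin:$6$constructed$hash:14900:0:99999:7:::'

# plan_stagger DAYS YYYY-MM < shadow-format lines
# Emits one "chage -d YYYY-MM-DD -M 90 user" line per never-expiring account.
plan_stagger() {
    awk -F: -v days="${1:-28}" -v base="${2:-2010-11}" '
        # Field 2 is the password hash. Skip accounts that cannot log in
        # with a password: empty field, or locked with a leading ! or *.
        $2 == "" || $2 ~ /^[!*]/ { next }
        # Field 5 is the maximum password age in days.
        # Assumption: empty or 99999 is treated as "never expires".
        $5 == "" || $5 == 99999 {
            slot = (n++ % days) + 1          # cycles 1..days
            printf "chage -d %s-%02d -M 90 %s\n", base, slot, $1
        }'
}

# slot_counts < plan_stagger output
# Prints "date count" so the per-day help desk load is visible up front.
slot_counts() {
    awk '{ c[$3]++ } END { for (d in c) print d, c[d] }' | sort
}

# Demo on the constructed sample, using a 3 day spread to show the wrap-around.
printf '%s\n' "$SAMPLE_SHADOW" | plan_stagger 3 2010-11
printf '%s\n' "$SAMPLE_SHADOW" | plan_stagger 3 2010-11 | slot_counts
```

On a real host the input would be `/etc/shadow` read as root, and the printed commands can be reviewed before anything is piped to a shell.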