Re: Account maintenance utilites for Solaris

From: --==[bman]==-- (bmynars_at_verizon.net)
Date: 07/28/04 

Date: Wed, 28 Jul 2004 02:17:25 GMT

Hi Erik,

Yes. Thanks. passwd in combination with 'finger' gave me roughly the
information I wanted to get. I still came up short with things last:
        1. last unsuccessfully logon attempt
        2. last unsuccessfully password change attempt
        3. tty device user was connecting from

But I was able to cover all the the client's requirements called for. :-)

Erik C.J. Laan wrote:
> --==[bman]==-- wrote:
>
>>Let me explain what I mean. Currently we are in the process of making
>>our systems compliant with SOX (Sarbane/Oxley) requirements and some of
>>those requirements are to ensure that:
>>
>> 1. If a new account is created and a user does not login within 7
>>days, such an account is locked
>> 2. In case of our company, lock an account that was inactive for 45
>>or more days
>> 3. Remove an account that was inactive for x number of days.
>>
>>I have written a suite of shell scripts for HP-UX and everything has
>>been covered. I was approached, then, to help our SUN group to do the
>>same except some of the tools I have on HPUX are not on SUN for obvious
>>reasons in the way the handle accounts. HPUX has its 'trusted' mode
>>with strong C2 and other niceties and SUN uses PAM instead.
>>
>>My question is:
>> What SUN's native tool I can use to query an account and obtain the
>>following information:
>> - when account was last accessed successfully
>> - when account was last accessed unsuccessfully
>> - when account password was last successfully changed
>> - when account password was last unsuccessfully changed
>>
>>and finally, if possible at all
>> - what was the 'tty' device used last by the account
>>
>>
>>I was looking at passwd and logins but it's still not exactly what I am
>>looking for. On Linux systems, I have 'chage' command which gives me
>>pretty much all I need in PAM environment. Is there any equivalent of
>>this on SUN?
>
>
> Maybe you've already found this, but the passwd commando on Solaris has
> a -s option that can show you some account and password settings. The
> last-changed field (see also man shadow) is in days since 1/1/1970.
>
> HTH(at least somewhat), Erik 

-- 
     __    _
    / /   (_)___  __  ___  __
   / /   / / __ \/ / / / |/_/
  / /___/ / / / / /_/ />  <
/_____/_/_/ /_/\__,_/_/|_| is what you make of it.

Relevant Pages

  • Re: Account maintenance utilites for Solaris
    ... > our systems compliant with SOX requirements and some of ... Remove an account that was inactive for x number of days. ... I was approached, then, to help our SUN group to do the ... but the passwd commando on Solaris has ...
    (comp.sys.sun.admin)
  • Re: If you could remove one piece of legislation from the statute books, what would it be?
    ... You'd have to vote in the BNP first. ... account of any future offspring and what they might think? ... majority of Westminster politicans have only bothered to skim-read ... Ordinary Sun readers wouldn't even get to first base if they ...
    (uk.legal)
  • Re: If you could remove one piece of legislation from the statute books, what would it be?
    ... You'd have to vote in the BNP first. ... account of any future offspring and what they might think? ... majority of Westminster politicans have only bothered to skim-read ... Ordinary Sun readers wouldn't even get to first base if they ...
    (uk.legal)
  • Re: Logging On Help
    ... > to log on to a user account that I created for myself. ... > sign on as root. ... When you enter the normal password during login or with the passwd ... pasted it into the -p argument to useradd for a test account, ...
    (Fedora)
  • Re: Solaris downloads
    ... They keep losing my account information. ... Evidently Sun finds their own dog food ... The -15 patch explained that it patched SO8 to OOo-2.4.0. ... My accountant needs .docs and .xls files Invoices are occasionally sent ...
    (comp.unix.solaris)