Expirovany account
Pavel Kankovsky
peak na kerberos.troja.mff.cuni.cz
Čtvrtek Srpen 6 13:24:45 CEST 1998
On Thu, 6 Aug 1998, Petr Novotny wrote:
> potrebuji prikaz shellu (nebo jeste lepe funkci v Perlu), ktera mi da
> seznam expirovanych accountu (nebo treba pro kazdy account rekne, kdy
> expiruje). Muzu prochazet /etc/shadow ale nezda se mi to elegantni -
> myslel jsem, ze by to mohlo jit pres PAM, nebo se mylim? [Redhat 5.1]
PAM je na neco jineho. Pokud neco, tak by bylo PWDB.
Ale v tom Perlu to neni zadna raketova veda:
sub scan_shadow
{
my $today = int(time() / 86400);
while (<STDIN>) {
chomp;
if (/^(\w+):([^:]*):(\d*):[^:]*:(\d*):(\d*):(\d*):(\d*):$/) {
my ($user, $pwd, $last_ch, $pwd_exp, $warning, $pwd_lck, $acc_exp) =
($1, $2, int($3), int($4), int($5),int($6), int($7));
... sem dopsat, co je libo ...
}
else {
warn "unrecognized line in shadow!";
}
}
}
(Je to sice puvodne pro Solaris, ale format /etc/shadow je stejny.)
Cely account expiruje v den $acc_exp, heslo expiruje v den $last_ch +
$pwd_exp, a ucet bude zamcen v den $last_ch + $pwd_lck.
BTW: nejsem si jisty, jestli jsou getpw*(), co navrhoval Honza Pazdziora
nejak uzitecne, protoze pochybuji, ze extrahuji veci ze shadow, ale muzu
se mylit.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
Další informace o konferenci Linux