"Authenticated with cached credentials, your cached password will expire at Sat Apr 20 15:41:18 2024"

Now I know I can calculate the time for expiration myself by checking the 'offline_credentials_expiration' value in sssd.conf and add that to the timestamp for cache entry last update time reported by 'sudo sssctl user-show $USER' but both of these require root access. I need to get the expiration timestamp as a regular user.

The reason for this is that we do have a large number of external developers who are all given laptops with the company Linux image applied, having them log in using their Active Directory credentials. They do have VPN access but the nature of the projects they're working on they seldom need to be connected to our network :-(
I was thinking I could create a little script/application that notifies them a few days ahead of password expiration to remind them to connect to the VPN.

I was thinking of 'sss_cache' as that can run as a regular user but that can't give me the timestamp :-(
Worst case, I can perhaps write somethinh in python, but that depends of the availability of APIs and maybe that still will require root access.

Thanks!