Determine if new user has changed password

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Thu May 6 12:59:01 UTC 2004


On Thu, 06.05.2004 at 10:54, Ow Mun Heng wrote:

> Hi,
> 
> Normal practice when adding a new user is to batch load
> (with the same password) and then inform the user to change
> their username within a set period of time.
> 
> The problem statement is.. how do I determine if the user
> has changed their password by the end of the grace period.

How about this: Run the following command, for ease of use embedded into a
shell script, used when creating new users:

USER=foo
# Save the new user's username:hash pair (exact match on the username field)
awk -F: -v u="$USER" '$1 == u { print $1 FS $2 }' /etc/shadow >> /root/newusers

Then run a task by cron (hourly, daily or whatever you think fits your
circumstances) that compares the saved newuser username:hash entry with
what's current in /etc/shadow.

#!/bin/bash
# Compare each saved username:hash pair with the current /etc/shadow entry
while IFS= read -r line; do
    USER=${line%%:*}
    current=$(awk -F: -v u="$USER" '$1 == u { print $1 FS $2 }' /etc/shadow)
    # An unchanged hash means the initial password is still in place
    if [ "$current" = "$line" ]; then
        echo "ATTENTION: $USER did not change initial password"
    fi
done < /root/newusers

This way root will get informed by cron generated mail about new users
with unchanged initial password.

> Cheer,
> OW

Alexander
        

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2188.nptl
Sirendipity 14:29:45 up 9 days, 13:18, load average: 0.28, 0.20, 0.27 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
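
The snapshot-and-compare approach from the message above, as an added example that is not part of the original post. It goes beyond the post by ignoring the "!" prefix that locking an account puts in front of the hash, and by dropping changed or deleted users from the list. The function names and the SHADOW and STATE variables are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not the poster's script. SHADOW and STATE are assumed
# variables so the functions can be exercised on constructed files.
SHADOW=${SHADOW:-/etc/shadow}
STATE=${STATE:-/root/newusers}

# Print the hash of exactly one user (no substring matches), with any
# leading "!" lock markers removed. Returns non-zero if the user is absent.
shadow_hash() {
    awk -F: -v u="$1" '$1 == u { h = $2; sub(/^!+/, "", h); print h; found = 1 }
                       END { exit !found }' "$SHADOW"
}

# Record username:hash when the account is created. The state file holds
# password hashes, so it is created readable by its owner only.
snapshot_user() {
    h=$(shadow_hash "$1") || return 1
    ( umask 077; printf '%s:%s\n' "$1" "$h" >> "$STATE" )
}

# Report users whose hash is unchanged and keep only those in the state
# file; users who changed their password or were deleted are dropped.
check_users() {
    tmp=$(mktemp) || return 1
    while IFS=: read -r user saved; do
        if ! now=$(shadow_hash "$user"); then
            continue    # account no longer exists: stop tracking it
        fi
        if [ "$now" = "$saved" ]; then
            echo "ATTENTION: $user did not change initial password"
            printf '%s:%s\n' "$user" "$saved" >> "$tmp"
        fi
    done < "$STATE"
    cat "$tmp" > "$STATE" && rm -f "$tmp"
}
```

Run from cron, check_users prints one line per user still on the initial password, so the cron mail shrinks as users comply.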