PASSWORD-AGING NOTIFICATION in Font

Painting Data Matrix 2d barcode in Font PASSWORD-AGING NOTIFICATION

CHAPTER 36 PASSWORD-AGING NOTIFICATION
DataMatrix Creation In None
Using Barcode creation for Font Control to generate, create Data Matrix ECC200 image in Font applications.
www.OnBarcode.com
Drawing Data Matrix ECC200 In None
Using Barcode encoder for Font Control to generate, create Data Matrix ECC200 image in Font applications.
www.OnBarcode.com
Some NIS and HP-UX environments don t use shadow files to hold encrypted passwords and account-aging information. The users encrypted passwords are held in the second field of the world-readable password file. If you think this isn t the best method to maintain security, you are correct. Also, without the shadow file, there is no information tracking the age of a password. In 37 I will demonstrate another script that can be used to create and maintain a pseudo shadow file on such systems.
Encoding Barcode In None
Using Barcode encoder for Font Control to generate, create Barcode image in Font applications.
www.OnBarcode.com
EAN 13 Generation In None
Using Barcode creator for Font Control to generate, create EAN 13 image in Font applications.
www.OnBarcode.com
Script Initialization
Quick Response Code Generator In None
Using Barcode creator for Font Control to generate, create Denso QR Bar Code image in Font applications.
www.OnBarcode.com
Generate Code 39 Extended In None
Using Barcode drawer for Font Control to generate, create USS Code 39 image in Font applications.
www.OnBarcode.com
First off, we have to set a bunch of environment variables. Originally these were set in a separate file accessed from our script. This makes configuration a bit more convenient, but to simplify this demonstration, I included the initialization of the variables in the script.
Code 128B Maker In None
Using Barcode drawer for Font Control to generate, create ANSI/AIM Code 128 image in Font applications.
www.OnBarcode.com
USD8 Creation In None
Using Barcode generator for Font Control to generate, create USD8 image in Font applications.
www.OnBarcode.com
#!/bin/sh HOME=/usr/local/pass_aging
Read Data Matrix ECC200 In VS .NET
Using Barcode reader for .NET framework Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
Scan Data Matrix In C#
Using Barcode reader for VS .NET Control to read, scan read, scan image in VS .NET applications.
www.OnBarcode.com
The following line of code establishes the number of days that the user s password is valid before the account will be locked. The value could also be set dynamically by pulling the fifth field from the /etc/shadow file if the account has been configured appropriately. However, I have found that accounts on a system often are created by many different people and the fields in the /etc/shadow file are not always filled in correctly to include appropriate account-expiration settings.
Barcode Scanner In Visual Basic .NET
Using Barcode Control SDK for .NET framework Control to generate, create, read, scan barcode image in .NET framework applications.
www.OnBarcode.com
Decoding USS Code 39 In None
Using Barcode scanner for Software Control to read, scan read, scan image in Software applications.
www.OnBarcode.com
VALID_DAYS=90
Data Matrix 2d Barcode Drawer In Visual Studio .NET
Using Barcode creator for Reporting Service Control to generate, create Data Matrix ECC200 image in Reporting Service applications.
www.OnBarcode.com
Reading EAN-13 Supplement 5 In Visual Basic .NET
Using Barcode recognizer for VS .NET Control to read, scan read, scan image in .NET applications.
www.OnBarcode.com
The ENVIRONMENT variable is used to customize the notifications with some meaningful information about the affected accounts. For example, you can assign Accounting or Development to the ENVIRONMENT variable. A notification might then read, Your Development account is about to expire.
UCC - 12 Generation In None
Using Barcode encoder for Microsoft Word Control to generate, create UPC-A image in Microsoft Word applications.
www.OnBarcode.com
Code 128 Maker In Java
Using Barcode generation for Java Control to generate, create Code 128A image in Java applications.
www.OnBarcode.com
ENVIRONMENT="Scripting"
Make PDF-417 2d Barcode In Visual Basic .NET
Using Barcode creation for .NET Control to generate, create PDF 417 image in .NET framework applications.
www.OnBarcode.com
Print Code 128B In Objective-C
Using Barcode generator for iPhone Control to generate, create Code 128C image in iPhone applications.
www.OnBarcode.com
The following code shows the e-mail addresses used for administrative notification. The reports of account-password aging are sent to the ADMIN_EMAIL address. The DEBUG_EMAIL address is used for testing.
Draw Code39 In Objective-C
Using Barcode maker for iPhone Control to generate, create Code39 image in iPhone applications.
www.OnBarcode.com
Recognizing PDF-417 2d Barcode In C#.NET
Using Barcode reader for .NET framework Control to read, scan read, scan image in VS .NET applications.
www.OnBarcode.com
ADMIN_EMAIL=root DEBUG_EMAIL=
Since this script has the potential for disrupting your environment by modifying passwd and shadow files, it would be wise to perform a lot of testing prior to running it. However, when the DEBUG_EMAIL variable is non-null, the shadow file will not be updated and users will not be notified. The notifications that would have been sent to the users will instead
CHAPTER 36 PASSWORD-AGING NOTIFICATION
be sent to the DEBUG_EMAIL address. This may generate a lot of mail to that address, but this setting prevents potentially major problems and it is worth using. Next the passwd and shadow files are configured to be used with this script. It would be wise to make backup copies of the real files. These definitions are useful in that you can configure the script to work with NIS since those files don t generally live in /etc.
shad=/usr/local/pass_aging/bin/shadow_copy pswd=/usr/local/pass_aging/bin/passwd_copy
The exclude file, shown next, is a flat file containing a list of usernames not to be modified by the script. In some environments there may be userless accounts (such as apache or sendmail, which are associated with applications) that would break if the accounts were suddenly locked. You could improve this script by using a file that associates userless accounts with the e-mail addresses for the users responsible for those accounts. This would allow a notification to be sent to the account owner when expiration is approaching. It would also separate the management of this type of account from the general exclude list.
exclude="$HOME/config/exclude_list"
The following code shows a few more variables to set up some paths, filenames, and various other items in our script. The ED variable defines the file that will contain editing changes to be made to the shadow file. The max variable represents the number of days a password is permitted to exist without change. The notify variable is used to start notifying users that their accounts are about to expire. The notifications start two weeks (14 days) prior to expiration. The remaining variable assignments specify files that will all contain parts of the final aging report that is sent to the administrator. Nothing too fancy here.
ED=ed.script max=$VALID_DAYS notify=$(($max-14)) OUTFILE=$HOME/aging NOTEOUT=$HOME/notes WARNOUT=$HOME/warnings REPORT=$HOME/report ARCHIVE=$HOME/archive BIN="$HOME/bin"
Since this script is going to read and potentially modify the shadow file, it must be run as root. You have to ensure that this is the case when installing the script.
Copyright © OnBarcode.com . All rights reserved.