警告密码过期而不强制更改

Question 1

如果您不反对使用自定义脚本，请尝试将此作为pam_exec脚本：

#! /bin/bash
LAST_DATE=$(date -d "$(chage -l $PAM_USER  | awk -F: '/Last password/{print $2}')" '+%s')
TODAY=$(date '+%s')
MAX_AGE=60
if (( (($TODAY - $LAST_DATE) / 86400) > $MAX_AGE ))
then
    echo "Please change your password!"
fi

将其保存在某处（例如，/usr/local/bin/pass-warn.sh），然后添加一行/etc/pam.d/sshd：

session optional pam_exec.so stdout /usr/local/bin/pass-warn.sh

Answer

如果您不反对使用自定义脚本，请尝试将此作为pam_exec脚本：

#! /bin/bash
LAST_DATE=$(date -d "$(chage -l $PAM_USER  | awk -F: '/Last password/{print $2}')" '+%s')
TODAY=$(date '+%s')
MAX_AGE=60
if (( (($TODAY - $LAST_DATE) / 86400) > $MAX_AGE ))
then
    echo "Please change your password!"
fi

将其保存在某处（例如，/usr/local/bin/pass-warn.sh），然后添加一行/etc/pam.d/sshd：

session optional pam_exec.so stdout /usr/local/bin/pass-warn.sh

Question 2

如果您设置了密码有效期，那么pam_unix.so密码过期后将拒绝其身份验证。要执行您想要的操作，您可以在他们的登录脚本中添加一些内容。例如，我可以将以下内容添加到/etc/profile.d：

#!/bin/bash
maxDays=30
dayLastChanged=$(passwd -S $(whoami) | awk '{print $3}')

currentTimestamp=$(date "+%s")
lastChangeTimestamp=$(date -d $dayLastChanged "+%s")

timestampDifference=$(( $currentTimestamp - $lastChangeTimestamp ))
maxSeconds=$(( $maxDays * 86400 ))

if [[ $timestampDifference -gt $maxSeconds ]]; then    
   echo "Yo, you need to change your password bud. Otherwise the guys with white-on-white ties are coming for you."    
fi

Answer

如果您设置了密码有效期，那么pam_unix.so密码过期后将拒绝其身份验证。要执行您想要的操作，您可以在他们的登录脚本中添加一些内容。例如，我可以将以下内容添加到/etc/profile.d：

#!/bin/bash
maxDays=30
dayLastChanged=$(passwd -S $(whoami) | awk '{print $3}')

currentTimestamp=$(date "+%s")
lastChangeTimestamp=$(date -d $dayLastChanged "+%s")

timestampDifference=$(( $currentTimestamp - $lastChangeTimestamp ))
maxSeconds=$(( $maxDays * 86400 ))

if [[ $timestampDifference -gt $maxSeconds ]]; then    
   echo "Yo, you need to change your password bud. Otherwise the guys with white-on-white ties are coming for you."    
fi

警告密码过期而不强制更改

答案1

答案2

相关内容