Posted by ajt on Fri 3 Jun 2005 at 12:01
At work we are forced to expire the root password every 60 days. I would have root locked and sudo for everything, but to comply with SOX rules IT had mandated this silly policy. The snag is we often don't login, so when we need to, the password has expired and we can't become root. I just sudo to root, but not other staff - they reboot into single mode, and then set a new password...
I'm about to write a small bash script to look at the /etc/shadow file, and work out when things will expire, and then send an email warning of the exipration. I'd run it daily on cron job. This seems like an obvious admin tool, are there any packages for this already?
Thanks in advance.