SUMMARY: expiration

From: Fiorella Sartori (
Date: Fri Apr 05 1996 - 05:15:22 CST

Sorry for summaring only now, but we tried the solution of the problem
before mail it.
Thanks to all the persons who have replied to our question (only two..):

Philip Plane <>
Luigi Zerbi <>

This is the question whe have submitted you:

> Hi all,
> i'm having a problem with the user expiration date on my Sun ultra1 with
> solaris 2.5. When i set an expiration date for a user, it works well
> with telnet connections but it does not have any effect when the connections
> are made using an Xterminal with openwindows.
> Any suggestions?
> Thanks in advance.

What Philip Plane had suggested us (you can read it below) was a good idea.
Now we have the program to check expiration about users, and we have
included it in file /usr/openwin/lib/xdm/Xsession.
Just a note:
the script didn't go well, because users had not read permissions for the file
/etc/shadow (by default, only root has it). We executed the command to give
read permissions for all users, and then everything was ok!
Thank you!!!



------------------------------------------------------------------------- | Fiorella Sartori | Phone : +39-461-881598 | | C.I.S.C.A. | Fax : +39-461-881668 | | University of Trento | E-Mail: | | Via Sommarive, 14 | | | I-38050 POVO (Trento), ITALY | | -------------------------------------------------------------------------


Philip Plane wrote: -------------------------------------------------------------------------------


I had the same problem. To get around this I wrote a program to check if a user had expired. Then I changed /usr/openwin/lib/xdm/Xsession to check user was valid before letting them start openwindows.

So my Xsession has:

if /usr/local/bin/valid; then

[usual stuff to start openwin] fi

Here is the source to my little program. If you can use it you're welcome to. I'm not sure if this program is the actual one I use, because I messed up my original source, but it should be close enough to let you fix it.

/* valid.c Philip Plane <> 25 July 1995 Gets a users details, including when their account expires. returns 1 if account has expired, and logs the problem. returns 0 if account is still good. Must be run as root. */ #include <stdio.h> #include <sys/types.h> #include <shadow.h> #include <stdlib.h> #include <time.h> #include <syslog.h> char username[L_cuserid]; struct spwd *shadow_rec; time_t expires, current_date, current_time, *current_time_ptr; main() { /* get the current time */ current_time_ptr = &current_time; (void)time(current_time_ptr); /* convert to number of days since 1 Jan 1970 */ current_date = (int)current_time/86400; (void)cuserid(username); shadow_rec = getspnam(username); if ( shadow_rec ) { expires = shadow_rec->sp_expire; if ( (expires > 0) && (expires < current_date) ) /* Account has expired */ { return(1); openlog("validate_user",LOG_CONS,LOG_AUTH); syslog(LOG_NOTICE,"user %s account has expired",username); closelog(); } else /* Account is valid */ return(0); } else { (void)printf("no reply - you must be root to get a reply\n"); openlog("validate_user",LOG_CONS,LOG_AUTH); syslog(LOG_NOTICE,"no reply - you must be root to get a reply"); closelog(); return(255); } }

Luigi Zerbi wrote: -------------------------------------------------------------------------------

Ho gia' affrontato il problema, anche aprendo una chiamata in SUN, ma la risposta e' stata che solo con Solaris 2.6 si dovrebbe uniformare il meccamismo di validificazione tra login e xdm, percui con Solaris 2.5 non esiste possibilita' di intercettare la scadenza delle password. Se qualcuno ti da' un workaorund fai un sommario.

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:56 CDT