Agnus Dei (jackal) wrote,
Agnus Dei
jackal

bash script for telling you when your Kerberos password is going to expire (freeipa)

#!/bin/bash

LDAPSERVER=freeipa.XXXXXX.XXXXXXX.com

if [[ "$USER" == "root" ]];then
    exit
fi

LDAPDATA=`ldapsearch -N -Y GSSAPI -h $LDAPSERVER -b "cn=users,cn=accounts,dc=XXXXX,dc=XXXXX,dc=com" uid=$USER krbPasswordExpiration 2>&1`
if [[ $? -ne 0 ]]; then
    echo "ldapsearch command failed. Do you have valid Kerberos tickets for $USER?"
    exit
fi
EXPIRE_DATE_TIME=`/bin/echo $LDAPDATA |grep "krbPasswordExpiration:"`
if [[ $? -ne 0 ]]; then
    echo "ldapsearch command failed. No krbPasswordExpiration data returned for $USER"
    exit
fi
EXPIRE_DATE_TIME=`/bin/echo $EXPIRE_DATE_TIME |sed -r "s/.*krbPasswordExpiration: ([0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])([0-9][0-9][0-9][0-9]).*/\1 \2/"  `
EXPIRE_DATE_EPOCH=`date --date "$EXPIRE_DATE_TIME" +%s`
NOW_DATE_EPOCH=`date +%s`
DATE_DIFF=`expr $EXPIRE_DATE_EPOCH - $NOW_DATE_EPOCH`
DAYS=`expr $DATE_DIFF / 86400`
echo "Your Kerberos Password expires in $DAYS days ($USER, `date -d @${EXPIRE_DATE_EPOCH}`)"




Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

  • 0 comments