Plaatsingsdatum: Oct 15, 2010 1:34:17 PM
I don't use admintool to create or maintain user definitions, so I cannot comment on it. But you did ask about command line utilities.
You can get information about a user with the "logins" command (run as root) as follows;
# logins -x -l username
It will produce output that looks like this;
username 1126 groupname 130 Firstname Lastname
/home/username
/bin/ksh
PS 110698 0 60 14
In the above, the UID is "1126" and the GID is "130". The information related to password aging is on the last line of the output. The password status is "PS" (PS for password, NP for no password or LK for locked). This is followed by "110698" the date that the password was last changed, "0" the number of days required between changes (in this case 0 means the password can be changed at any time) , and "60" the number of days allowed before a change is required (ie. maximum number of days between required password changes). The last number "14" is the number of days prior to expiration when a warning message will be display at login time advising the user that their password is about to expire.
These values can be set or modified from the command line by root, using the passwd command as follows;
# passwd -n 0 -w 14 -x 60 username
Where -n is the minimum number of days allowed between password changes, -w is the number of days befor the password expires and the user is warned, and -x is the maximum munber of days that the password will be valid for.
These values can ONLY be queried or changed by root.
When a user changes their password, only the encrypted password and current date are stored in /etc/shadow. The "number-of-days" values are not changed.
The expiration date, is calculated, not stored.