Script to change UNIX password | Unix Linux Forums | Shell Programming and Scripting

  Go Back    


Shell Programming and Scripting Post questions about KSH, CSH, SH, BASH, PERL, PHP, SED, AWK and OTHER shell scripts and shell scripting languages here.

Script to change UNIX password

Shell Programming and Scripting


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 04-22-2002
kornshellmaven kornshellmaven is offline
Registered User
 
Join Date: Apr 2001
Last Activity: 10 August 2009, 3:53 PM EDT
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Question Script to change UNIX password

My shop has just ordained that all UNIX passwords expire after 45 days. We do NOT have a "single logon" facility, so I will need to logon to each of the servers (15+) I interact with and change my password by hand. I thought I could invoke passwd inside a ksh script as a Here document and effectively change my password, stage this script on all the servers under my id, and then invoke via REXEC from one server.

Unfortunately, when I run passwd as a Here doc, it doesn't take my old/new password from stdin.

Here's what I'm doing inside pass.sh:

#!/usr/bin/ksh
passwd <<EOF
oldpassword
newpassword
newpassword
EOF

Does anyone have any thoughts on how I can "synchronize" all my passwords? (I don't have root privs - I'm a developer, not an administrator).
Sponsored Links
    #2  
Old 04-22-2002
hugo_perez hugo_perez is offline
Registered User
 
Join Date: Apr 2002
Last Activity: 10 July 2013, 10:52 AM EDT
Location: Argentine
Posts: 133
Thanks: 0
Thanked 0 Times in 0 Posts
Use the expect tool, or similar to synchronize a user.

If you want to synchronize all the user's, you can use rdist,
rsync, supper or such kind of commands (depend of your OS).

Regards. Hugo.
Sponsored Links
    #3  
Old 04-22-2002
kornshellmaven kornshellmaven is offline
Registered User
 
Join Date: Apr 2001
Last Activity: 10 August 2009, 3:53 PM EDT
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Hugo,

Thanks for your reply.

We're running under Sun Solaris 2.6 & 2.7

The man pages for rdist - shows info for remote file distribution.
There are no man pages for rsync or supper.

How would rdist help me?

I indicated I'm a developer w/o root/admin privileges. Also we are prevented from creating/updating .rhosts files.

John
    #4  
Old 04-22-2002
hugo_perez hugo_perez is offline
Registered User
 
Join Date: Apr 2002
Last Activity: 10 July 2013, 10:52 AM EDT
Location: Argentine
Posts: 133
Thanks: 0
Thanked 0 Times in 0 Posts
The others commands are AIX commands (supper in SP2 environments) and a GNU tool, both for distribute files.

Whith rdist, you can distribute the following files:

/etc/passwd
/etc/groups
/etc/shadow

and if you use solaris 8

/etc/user_attr.



---------------------------------------

If only want to change one password, use "expect"
http://www.sunfreeware.com

ask the administrator to install expect and tcl.
(and give you acces to expect /usr/local/bin )

tcl
and
expect

(tcl is a pre-requisite of expect pakage).

Note: You need to create a expect file and call expect -f my_expect1

Example of my_expect1

spawn telnet [lindex $argv 0]
expect "login: "
send "[lindex $argv 1]\r"
expect "Password: "
send "[lindex $argv 2]\r"
expect "Sun Microsystems Inc. SunOS 5.8 Generic February 2000"
send "passwd\r"
expect "Enter login password: "
send "[lindex $argv 2]\r"
expect "New password: "
send "[lindex $argv 3]\r"
expect "e-enter new password: "
send "[lindex $argv 3]\r"
expect eof

Note: To call

expect -f my_expect1 <server> <user_name> <old_passwd> <new_passwd>

also you need to make a script to cal the previous line giving the apropiate parameters.

IMPORTANT: Is convenient that anybody was login into the server,
because with a ps he can view your passwd.


Regards. Hugo.

Last edited by hugo_perez; 04-22-2002 at 03:30 PM..
Sponsored Links
    #5  
Old 04-22-2002
kornshellmaven kornshellmaven is offline
Registered User
 
Join Date: Apr 2001
Last Activity: 10 August 2009, 3:53 PM EDT
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
My SA says he could install Expect/TCL on our development box, but would not be able to justify the install on our UAT & PROD servers. Providing a "convenience" to folks to synchronize passwords would not be considered justification to install software.... (And I have an extremely cooperative SA!).

Our technical organization recently merged with another "sister" technical group and their procedures are being inflicted on the rest of us. Also the auditors have been having a field day...hence the implementation of pasword rules, use of sudo, restrictions on FTP only accts, etc. etc.
Sponsored Links
    #6  
Old 04-22-2002
hugo_perez hugo_perez is offline
Registered User
 
Join Date: Apr 2002
Last Activity: 10 July 2013, 10:52 AM EDT
Location: Argentine
Posts: 133
Thanks: 0
Thanked 0 Times in 0 Posts
The expect tool is a powerfull tool and can be used to automate diferents jobs, you need to use your imagination to give him the
benefits of install this tool.

ANYWAY you only need to install the tool in one server that have connectivity to the others.


from your development server


ksh script change_passwd.sh

#!/bin/ksh
for server in server1 server2 server3 ... servern
do
expect -f my_expect1 $server <login_name> $1 $2
sleep 5
done

----
call ./change_passwd.sh <old_passwd> <new_passwd>

Regards, Hugo.

Last edited by hugo_perez; 04-22-2002 at 04:04 PM..
Sponsored Links
    #7  
Old 04-23-2002
Kelam_Magnus's Avatar
Kelam_Magnus Kelam_Magnus is offline Forum Advisor  
Registered User
 
Join Date: Aug 2001
Last Activity: 18 April 2013, 3:03 PM EDT
Location: San Antonio, TX,
Posts: 1,070
Thanks: 0
Thanked 4 Times in 4 Posts
Some clarification is in order from you...

Is this only for your personal passwords? And not for ALL users on all boxes?

And what do you mean by "synchronize" passwords. Are you using the SAME password on every box? That is not a very good standard for security... If your company is hot for security of passwords, they need to look into a product called SecurID. It is a one-time password with algorithm that is good for 4 years per user.

Also, if you have logons for all 15+ boxes, why can't you login to each and change them manully? I know that manual is not always the easiest way, but it may be the best way.



Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Unix script to change password nimo Shell Programming and Scripting 7 12-17-2009 09:32 AM
Where to change the UNIX password prompt? DrivesMeCrazy UNIX for Dummies Questions & Answers 0 05-05-2009 04:12 AM
how to change root password using shell script with standard password kurva Shell Programming and Scripting 2 02-25-2009 01:35 AM
Change Password In A Shell Script pintu_asim Shell Programming and Scripting 6 06-29-2006 10:16 AM
Change password script in Unix easily.. zp523444 UNIX for Advanced & Expert Users 4 11-14-2005 02:14 PM



All times are GMT -4. The time now is 11:24 AM.