Script to change UNIX password


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Script to change UNIX password
# 1  
Old 04-22-2002
Question Script to change UNIX password

My shop has just ordained that all UNIX passwords expire after 45 days. We do NOT have a "single logon" facility, so I will need to logon to each of the servers (15+) I interact with and change my password by hand. I thought I could invoke passwd inside a ksh script as a Here document and effectively change my password, stage this script on all the servers under my id, and then invoke via REXEC from one server.

Unfortunately, when I run passwd as a Here doc, it doesn't take my old/new password from stdin.

Here's what I'm doing inside pass.sh:

#!/usr/bin/ksh
passwd <<EOF
oldpassword
newpassword
newpassword
EOF

Does anyone have any thoughts on how I can "synchronize" all my passwords? (I don't have root privs - I'm a developer, not an administrator).
# 2  
Old 04-22-2002
Use the expect tool, or similar to synchronize a user.

If you want to synchronize all the user's, you can use rdist,
rsync, supper or such kind of commands (depend of your OS).

Regards. Hugo.
# 3  
Old 04-22-2002
Hugo,

Thanks for your reply.

We're running under Sun Solaris 2.6 & 2.7

The man pages for rdist - shows info for remote file distribution.
There are no man pages for rsync or supper.

How would rdist help me?

I indicated I'm a developer w/o root/admin privileges. Also we are prevented from creating/updating .rhosts files.

John
# 4  
Old 04-22-2002
The others commands are AIX commands (supper in SP2 environments) and a GNU tool, both for distribute files.

Whith rdist, you can distribute the following files:

/etc/passwd
/etc/groups
/etc/shadow

and if you use solaris 8

/etc/user_attr.



---------------------------------------

If only want to change one password, use "expect"
http://www.sunfreeware.com

ask the administrator to install expect and tcl.
(and give you acces to expect /usr/local/bin )

tcl
and
expect

(tcl is a pre-requisite of expect pakage).

Note: You need to create a expect file and call expect -f my_expect1

Example of my_expect1

spawn telnet [lindex $argv 0]
expect "login: "
send "[lindex $argv 1]\r"
expect "Password: "
send "[lindex $argv 2]\r"
expect "Sun Microsystems Inc. SunOS 5.8 Generic February 2000"
send "passwd\r"
expect "Enter login password: "
send "[lindex $argv 2]\r"
expect "New password: "
send "[lindex $argv 3]\r"
expect "e-enter new password: "
send "[lindex $argv 3]\r"
expect eof

Note: To call

expect -f my_expect1 <server> <user_name> <old_passwd> <new_passwd>

also you need to make a script to cal the previous line giving the apropiate parameters.

IMPORTANT: Is convenient that anybody was login into the server,
because with a ps he can view your passwd.


Regards. Hugo.

Last edited by hugo_perez; 04-22-2002 at 04:30 PM..
# 5  
Old 04-22-2002
My SA says he could install Expect/TCL on our development box, but would not be able to justify the install on our UAT & PROD servers. Providing a "convenience" to folks to synchronize passwords would not be considered justification to install software.... (And I have an extremely cooperative SA!).

Our technical organization recently merged with another "sister" technical group and their procedures are being inflicted on the rest of us. Also the auditors have been having a field day...hence the implementation of pasword rules, use of sudo, restrictions on FTP only accts, etc. etc.
# 6  
Old 04-22-2002
The expect tool is a powerfull tool and can be used to automate diferents jobs, you need to use your imagination to give him the
benefits of install this tool.

ANYWAY you only need to install the tool in one server that have connectivity to the others.


from your development server


ksh script change_passwd.sh

#!/bin/ksh
for server in server1 server2 server3 ... servern
do
expect -f my_expect1 $server <login_name> $1 $2
sleep 5
done

----
call ./change_passwd.sh <old_passwd> <new_passwd>

Regards, Hugo.

Last edited by hugo_perez; 04-22-2002 at 05:04 PM..
# 7  
Old 04-23-2002
Some clarification is in order from you...

Is this only for your personal passwords? And not for ALL users on all boxes?

And what do you mean by "synchronize" passwords. Are you using the SAME password on every box? That is not a very good standard for security... If your company is hot for security of passwords, they need to look into a product called SecurID. It is a one-time password with algorithm that is good for 4 years per user.

Also, if you have logons for all 15+ boxes, why can't you login to each and change them manully? I know that manual is not always the easiest way, but it may be the best way.



Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

2. Shell Programming and Scripting

Shell script to change the password

Hi Folks, I am trying to change the password for the user "sysservice" Where my requirement is login to each server and exit from that and ssh to the next server.. I have enabled the password less auth for the user sysservice. for i in `cat /home/sysservice/servers.txt` do ssh... (1 Reply)
Discussion started by: gsiva
1 Replies

3. Shell Programming and Scripting

A script to change password for all other servers

Hey Gurus, I have this requirement to change the password for other servers remotely from one server. So, I installed public keys on all servers and wrote the following script to do the job. Something appears to be wrong with my loop, as it only changes one server and ignores the rest. I'm... (24 Replies)
Discussion started by: Hiroshi
24 Replies

4. Shell Programming and Scripting

Script to change password in UNIX

Hi Friends, Every morning i need to change the password, please advise how it can be automated. I am having pre planned password list for 4 months which can be used as input file for new passwords. Thanks (28 Replies)
Discussion started by: rajjev_saini123
28 Replies

5. HP-UX

Automatic script to change the UNIX Password

Hi, we have around 50 users and every month we need to change the password manually once its expire. do we have any script to change the password automatically. OS -HP-UX Thanks in advance.. (6 Replies)
Discussion started by: periyasamycse
6 Replies

6. Shell Programming and Scripting

Unix script to change password

Hello Gurus I have little challenge which I do not know how to address it. I have unix account on many servers (let's say over 25). These accounts expire every 60 days. Is there scripts that I can run from my "local computer" and pass a new password to it where it would change it for me on all... (7 Replies)
Discussion started by: nimo
7 Replies

7. UNIX for Dummies Questions & Answers

Where to change the UNIX password prompt?

Hi guys, I got these 3 servers: a, b and c which I ssh from a to b/c. a:$ ssh userid@b Password: a:$ ssh userid@c userid@c's password: Notice that the password prompt is different (highlighted in bold) on both servers even though their SUN Solaris version the same, OpenSSH version... (0 Replies)
Discussion started by: DrivesMeCrazy
0 Replies

8. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

9. Shell Programming and Scripting

script/program to change the password ?

hi, Somebody have or known where i can find a perl small perl program to change the password. The point: First it verify is the user exist, checking the old typed password and replace it with new. The passwords must be encoded. Thanks, very much! (0 Replies)
Discussion started by: kad
0 Replies

10. UNIX for Advanced & Expert Users

Change password script in Unix easily..

I have more than 50 server unix's password need to change, usually I assign one password for all hosts, for easy remember, but I need to change password every two months..it's very tried to change password every 2 months, is there any unix script that can change password easily? ie ' script... (4 Replies)
Discussion started by: zp523444
4 Replies
Login or Register to Ask a Question