|
|
|
|
|||||||
| Forums | Portal | Register | Forum Rules | FAQ | Contribute | Members List | Arcade | Search | Today's Posts | Mark Forums Read |
| UNIX for Advanced & Expert Users Advanced UNIX and Linux questions go here. Expert-to-Expert. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| changing passwords remotely on sun boxes | Terrible | Shell Programming and Scripting | 0 | 08-07-2006 05:13 AM |
| Changing Users | Bab00shka | Shell Programming and Scripting | 2 | 08-01-2003 01:44 AM |
| su - user... how to find out the list of users and their passwords.. | yls177 | UNIX for Dummies Questions & Answers | 2 | 11-13-2002 03:07 AM |
| Perl script - changing passwords | thehoghunter | Shell Programming and Scripting | 3 | 05-03-2002 07:11 AM |
| passwords changing | viperws | UNIX for Dummies Questions & Answers | 1 | 01-02-2002 06:43 PM |
 |
|
|
Submit Tools | LinkBack | Thread Tools | Display Modes |
04-09-2002
|
|||
|
|||
Changing Users Passwords Via Script?
I am the administrator for a large network of HP/UX servers, about 100, this will be growing to over 200 in the next 18 months, part of my duties are to change the root passwords on these machines once month... which is a pain. I have written a script that will generate random passwords for me and print them out so that I do not have to think of and write down the passwords for safe keeping.
Yep, you guessed the next question... how can I pass the passwords to a script which will change them automatically on each machine? I have done quite a bit of looking into this and found one answer is to use the GNU expect binary, but I am having difficulties getting the binary working on our servers, should I not get it working does any one have any ideas? Please note that company policy does not allow me to use remote shells, psuedo root users and none expiring accounts. Thanks in advance - Paul |
| Forum Sponsor | ||
|
|
|
04-09-2002
|
|||
|
|||
|
If the company wants all the security -then show them that the only way to do what they want is with a 3rd party security package.
OR You could use a NIS root account - this is how - You have your normal root account which has it's info in /etc/passwd (and shadow). If the server looks at NIS before files, then you could have an NIS root account - one password for all servers (yes, drawbacks to that too!). If NIS was unavailable, you would have to know what the server's local root password is to log in or su to root. To change passwords on all servers requires setting up some type of allowed access - there is a 'free' product called cfengine which worked well (although our site lost 46 servers in one minute due to a bug {which was fixed but we never used it again}). Another way is if you have programming knowledge is to write your own. My own opinion is with the 3rd party software. I've seen it work and it makes it easy to use (this was on a mix of Solaris and HP servers). I think RSA Security makes/sells it. |
|
04-09-2002
|
|||
|
|||
|
i found this script which uses expect awhile ago, haven't had time to mess with it though, maybe it will help get you started
Code:
#!/usr/local/bin/expect
if { $argc != 3 } {
puts "Usage:"
puts "$argv0 username oldpwd newpwd"
exit
}
#set machine [lindex $argv 0]
set username [lindex $argv 0]
set oldpwd [lindex $argv 1]
set newpwd [lindex $argv 2]
set completed_list " "
#-----------------------------------------
# All machines where set password on
#-----------------------------------------
set machine_list {
machine1
machine2
machine3
etc
etc
}
#----------------------------------------------------
# Ping machines to see which ones are available
# ok machines in run_list
#----------------------------------------------------
foreach machine $machine_list {
if { [ catch { exec ping -c 1 $machine } ] == 0 } {
lappend run_list $machine
}
}
proc exclude_list {} {
set count 0
global machine_list run_list
foreach machine $machine_list {
incr count
if { [ lsearch $run_list $machine ] < 0 } {
puts "\t$count)\t$machine"
}
}
puts ""
}
proc include_list {} {
puts "Will now try to change password on following machines:"
set count 0
global machine_list run_list
foreach machine $run_list {
incr count
puts "\t$count)\t$machine"
}
puts ""
}
proc continue_chk {} {
global run_list
while {1} {
include_list
puts -nonewline "\nDo you want to continue or (m)odify list? (y/n/m): "
gets stdin ans
if { 1 == [regexp {^y|Y$} $ans] } {
puts "yes"
break
} elseif { 1 == [regexp {^m|M$} $ans] } {
puts -nonewline "\n Enter number to remove: "
gets stdin ans
set r_num [expr {$ans - 1}]
puts $run_list
set run_list [ lreplace $run_list $r_num $r_num ]
} else {
puts "no"
exit
}
}
}
puts "Failed to ping following machines:"
exclude_list
#puts "Will now try to change password on following machines:"
#include_list
continue_chk
foreach machine $run_list {
set change 0
spawn telnet $machine
while {1} {
expect {
timeout break
"\rlogin:" { sleep 1
send "${username}\r" }
"New password" { send "${newpwd}\r"
lappend completed_list $machine
set change 1 }
"new password" { send "${newpwd}\r"
set change 1 }
"Old password:" { send "${oldpwd}\r" }
"Password:" { send "${oldpwd}\r" }
"\\\$" { if {$change == 0} {
send "passwd\r"
set change 1
} else {
send "exit\r" }
}
"changed" { send "exit\r" }
"closed" { break }
}
sleep 1
}
}
puts " "
puts "Password changed on following machines:"
foreach machine $completed_list {
puts $machine
}
puts " "
puts "Password NOT changed on following machines:"
foreach machine $machine_list {
if { [ lsearch $completed_list $machine ] < 0 } {
puts $machine
}
}
exit
Last edited by oombera; 02-20-2004 at 10:00 AM. |
Linear Mode
