The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Advanced & Expert Users
Changing Users Passwords Via Script? Changing Users Passwords Via Script?
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
changing passwords remotely on sun boxes Terrible Shell Programming and Scripting 0 08-07-2006 08:13 AM
Changing Users Bab00shka Shell Programming and Scripting 2 08-01-2003 04:44 AM
su - user... how to find out the list of users and their passwords.. yls177 UNIX for Dummies Questions & Answers 2 11-13-2002 07:07 AM
Perl script - changing passwords thehoghunter Shell Programming and Scripting 3 05-03-2002 10:11 AM
passwords changing viperws UNIX for Dummies Questions & Answers 1 01-02-2002 10:43 PM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 04-09-2002
PJolliffe PJolliffe is offline
Registered User
  
 

Join Date: Apr 2002
Posts: 1
Question Changing Users Passwords Via Script?
I am the administrator for a large network of HP/UX servers, about 100, this will be growing to over 200 in the next 18 months, part of my duties are to change the root passwords on these machines once month... which is a pain. I have written a script that will generate random passwords for me and print them out so that I do not have to think of and write down the passwords for safe keeping.

Yep, you guessed the next question... how can I pass the passwords to a script which will change them automatically on each machine?

I have done quite a bit of looking into this and found one answer is to use the GNU expect binary, but I am having difficulties getting the binary working on our servers, should I not get it working does any one have any ideas?

Please note that company policy does not allow me to use remote shells, psuedo root users and none expiring accounts.

Thanks in advance

- Paul
  #2 (permalink)  
Old 04-09-2002
thehoghunter
Guest
  
 

Posts: n/a
Bits: 0 [Banking]
If the company wants all the security -then show them that the only way to do what they want is with a 3rd party security package.

OR

You could use a NIS root account - this is how -
You have your normal root account which has it's info in /etc/passwd (and shadow). If the server looks at NIS before files, then you could have an NIS root account - one password for all servers (yes, drawbacks to that too!). If NIS was unavailable, you would have to know what the server's local root password is to log in or su to root.

To change passwords on all servers requires setting up some type of allowed access - there is a 'free' product called cfengine which worked well (although our site lost 46 servers in one minute due to a bug {which was fixed but we never used it again}). Another way is if you have programming knowledge is to write your own.

My own opinion is with the 3rd party software. I've seen it work and it makes it easy to use (this was on a mix of Solaris and HP servers). I think RSA Security makes/sells it.
  #3 (permalink)  
Old 04-09-2002
edog edog is offline
Registered User
  
 

Join Date: Sep 2001
Location: Green Bay, WI
Posts: 66
i found this script which uses expect awhile ago, haven't had time to mess with it though, maybe it will help get you started
Code:
#!/usr/local/bin/expect

if { $argc != 3 } {
    puts "Usage:"
    puts "$argv0 username oldpwd newpwd"
    exit
}

#set machine  [lindex $argv 0]
set username [lindex $argv 0]
set oldpwd   [lindex $argv 1]
set newpwd   [lindex $argv 2]
set completed_list " "

#-----------------------------------------
# All machines where set password on
#-----------------------------------------
set machine_list {
machine1
machine2
machine3
etc
etc
}


#----------------------------------------------------
# Ping machines to see which ones are available
#   ok machines in run_list
#----------------------------------------------------
foreach machine $machine_list {
    if { [ catch { exec ping -c 1 $machine  } ] == 0 } {
        lappend run_list $machine
    }
}


proc exclude_list {} {
    set count 0
    global machine_list run_list
    foreach machine $machine_list {
        incr count
        if { [ lsearch $run_list $machine ] < 0 } {
            puts "\t$count)\t$machine"
        }
    }    
    puts ""
}

proc include_list {} {
    puts "Will now try to change password on following machines:"
    set count 0
    global machine_list run_list
    foreach machine $run_list {
        incr count
            puts "\t$count)\t$machine"
    }
    puts ""
}

proc continue_chk {} {
    global run_list
    while {1} {
        include_list
        puts -nonewline "\nDo you want to continue or (m)odify list? (y/n/m): "
        gets stdin ans 
        if { 1 == [regexp {^y|Y$} $ans]  } {
            puts "yes"
            break
        } elseif { 1 == [regexp {^m|M$} $ans]  } {
            puts -nonewline "\n Enter number to remove: "
            gets stdin ans 
            set r_num [expr {$ans - 1}]
            puts $run_list
            set run_list [ lreplace $run_list $r_num $r_num ] 
        } else {
            puts "no"
            exit
        }
    }
}
    
puts "Failed to ping following machines:"
exclude_list

#puts "Will now try to change password on following machines:"
#include_list

continue_chk

foreach machine $run_list { 
    set change 0
    spawn telnet $machine
    while {1} {
        expect  { 
            timeout         break
            "\rlogin:"        { sleep 1
                              send "${username}\r" }
            "New password"  { send "${newpwd}\r" 
                              lappend completed_list $machine
                              set change 1 }
            "new password"  { send "${newpwd}\r" 
                             set change 1 }
            "Old password:" { send "${oldpwd}\r" }
            "Password:"     { send "${oldpwd}\r" }
            "\\\$"            { if {$change == 0} { 
                                  send "passwd\r" 
                                  set change 1 
                              } else {
                                  send "exit\r" }
                            }
            "changed"       { send "exit\r" }
            "closed"        { break }
        }
        sleep 1
    }
}
    
puts " "
puts "Password changed on following machines:"
foreach machine $completed_list {
    puts $machine
}

puts " "
puts "Password NOT changed on following machines:"
foreach machine $machine_list {
    if { [ lsearch $completed_list $machine ] < 0 } {
        puts $machine
    }
}
exit
added code tags for readability --oombera
Last edited by oombera; 02-20-2004 at 02:00 PM..
  #4 (permalink)  
Old 04-10-2002
Perderabo's Avatar
Perderabo Perderabo is offline Forum Staff  
Unix Daemon
  
 

Join Date: Aug 2001
Location: Ashburn, Virginia
Posts: 9,111
Can can obtain "expect" and every other well known free software package already compiled to run on HP-UX. See this post for details.
Closed Thread

Bookmarks

« Unix Code | HP-UX lp spooling places »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 07:09 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0