Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Changing Users Passwords Via Script?
Top Forums UNIX for Advanced & Expert Users Changing Users Passwords Via Script? Post 19328 by thehoghunter on Tuesday 9th of April 2002 03:59:12 PM
Old 04-09-2002
If the company wants all the security -then show them that the only way to do what they want is with a 3rd party security package.

OR

You could use a NIS root account - this is how -
You have your normal root account which has it's info in /etc/passwd (and shadow). If the server looks at NIS before files, then you could have an NIS root account - one password for all servers (yes, drawbacks to that too!). If NIS was unavailable, you would have to know what the server's local root password is to log in or su to root.

To change passwords on all servers requires setting up some type of allowed access - there is a 'free' product called cfengine which worked well (although our site lost 46 servers in one minute due to a bug {which was fixed but we never used it again}). Another way is if you have programming knowledge is to write your own.

My own opinion is with the 3rd party software. I've seen it work and it makes it easy to use (this was on a mix of Solaris and HP servers). I think RSA Security makes/sells it.
thehoghunter
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

passwords changing

Hello everyone let me start off by saying happy new year to all I am new to this board. I am running a multipurpose server (web/ftp/email) it runs apache 1.3.20 i think it is and Qmail would I would like to do is find/create a script that will allow my users to change there unix password... (1 Reply)
Discussion started by: viperws
1 Replies

2. Shell Programming and Scripting

Perl script - changing passwords

Just wanted options of this - first 'real' Perl script and I'm not positive of all the quirks in Perl. Any suggestions are welcome. Especially since I'm messing with /etc/shadow! Running Solaris 2.6, Perl 5.005.03 #!/u/bin/perl # # Change the user's old password to the new in /etc/shadow ... (3 Replies)
Discussion started by: thehoghunter
3 Replies

3. Shell Programming and Scripting

changing passwords remotely on sun boxes

now, for reasons i really cant begin to delve into, i have to find a way to be able to rmeotely create user accounts and also assign them passwords. unfortunately, it appears Sun boxes frowns upon this. sun boxes will let u create a user account remotely but will never let u assign the useraccount... (0 Replies)
Discussion started by: Terrible
0 Replies

4. UNIX for Advanced & Expert Users

Monitoring the changing of passwords

What is the best way to monitor who changes passwords, or what passwords get changed? Is there a way to send that over to Syslog? An example would be someone logs in as themselves, changes to root (which I capture by loging auth and auth.info) and then changes a password. Do I need to put an... (1 Reply)
Discussion started by: AW12
1 Replies

5. Solaris

To restrict the users not to change the passwords for NIS users

Hi All, How to restrict the NIS users not to change their passwords in for NIS users?? and my NIS user is unable to login to at client location what could be the problem for this ? Any body can help me. Thanks in advance. (1 Reply)
Discussion started by: Sharath Kumar
1 Replies

6. Shell Programming and Scripting

script for changing passwords

Hello, We are running aix 5.3. We're looking for a script that can change passwords, taking 2 arguments ( old password, new password ). I am wondering if this can be done with a here document, or some generic scripting method. Or, if I would have to download expect. Alternatively I wonder... (3 Replies)
Discussion started by: fwellers
3 Replies

7. Solaris

Changing Passwords with a script.

We are real strict when it comes to passwords. Every 60 days the admins have to change passwords on all of the accounts. And there is pretty strict enforcement of the type of passwords chosen. This is a tedious and monotonous job. Ww don't use NIS or LDAP, so this has to be done on each machine. ... (5 Replies)
Discussion started by: brownwrap
5 Replies

8. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies

9. Red Hat

Problem with Script to email Admin users with expired passwords writed byygemici

Hi, I have problem with a script, it was working for 6 month and suddenly I started getting strange expire times example: # chage -l wXXp Last password change : Oct 28, 2014 Password expires : Nov 27, 2014 Password... (3 Replies)
Discussion started by: redmansas
3 Replies

LEARN ABOUT OPENDARWIN

nisserver

nisserver(1M)						  System Administration Commands					     nisserver(1M)

NAME

       nisserver - set up NIS+ servers

SYNOPSIS

       /usr/lib/nis/nisserver -r [-x] [-f] [-v] [-Y] [ -d NIS+_domain] [ -g NIS+_groupname] [-l network_passwd]

       /usr/lib/nis/nisserver -M [-x] [-f] [-v] [-Y] -d NIS+_domain [ -g NIS+_groupname] [ -h NIS+_server_host]

       /usr/lib/nis/nisserver -R [-x] [-f] [-v] [-Y] [ -d NIS+_domain] [ -h NIS+_server_host]

DESCRIPTION

       The   nisserver shell script can be used to set up  a root master, non-root master, and replica NIS+ server with level 2 security (DES). If
       other authentication mechanisms are configured with nisauthconf(1M), nisserver will set up a NIS+ server using those  mechanisms.  nisauth-
       conf(1M) should be used before nisserver.

       When  setting up a new domain, this script creates the NIS+ directories (including groups_dir and org_dir) and system table objects for the
       domain specified. It does not populate the tables. nispopulate(1M) must be used to populate the tables.

OPTIONS

       -d NIS+_domain	       Specifies the name for the NIS+ domain.	The default is your  local domain.

       -f		       Forces the  NIS+ server setup without prompting for confirmation.

       -g NIS+_groupname       Specifies the  NIS+ group name for the new domain.  This option is not valid with -R option.  The default group	is
			       admin.<domain>.

       -h NIS+_server_host     Specifies  the  hostname  for the NIS+ server.  It must be a valid host in the local domain.  Use a fully qualified
			       hostname (for example, hostx.xyz.sun.com.) to specify a host outside of your local domain.  This  option  is   only
			       used  for setting up non-root master or replica servers. The default for non-root master server setup is to use the
			       same list of servers as the parent domain. The default for replica server setup is the local hostname.

       -l network_password     Specifies the network password with which to create the credentials for the root master	server.   This	option	is
			       only  used  for	master root server setup (-r option).  If this option is not specified, the script prompts you for
			       the login password.

       -M		       Sets up the specified host as a master server. Make sure that rpc.nisd(1M) is running  on  the  new  master  server
			       before this command is executed.

       -R		       Sets up the specified host as a replica server.	Make sure that rpc.nisd is running on the new replica server.

       -r		       Sets up the server as a root master server.  Use the -R option to set up a root replica server.

       -v		       Runs the script in verbose mode.

       -x		       Turns  the  echo mode on.  The script just prints the commands that it would have executed.  Note that the commands
			       are not actually executed.  The default is off.

       -Y		       Sets up a NIS+ server with NIS-compatibility mode.  The default is to set up the server	without  NIS-compatibility
			       mode.

USAGE

       Use  the first synopsis of the command (-r) to set up a root master server. To run the command,	you must be logged in as super-user on the
       server machine.

       Use the second synopsis of the command (-M) to set up a non-root master server for the specified domain. To run the command,  you  must	be
       logged  in  as  a NIS+ principal on a NIS+ machine and have write permission to the parent directory of the domain that you are setting up.
       The new non-root master server machine must already be an  NIS+ client (see nisclient(1M)) and have the	rpc.nisd(1M) daemon running.

       Use the third synopsis of the command (-R) to set up a replica server for both root and non-root domains. To run the command, you  must	be
       logged  in  as a NIS+ principal on a NIS+ machine and have write permission to the parent directory of the domain that you are replicating.
       The new non-root replica server machine must already be an  NIS+ client and have the  rpc.nisd daemon running.

EXAMPLES

       Example 1: Setting up Servers

       To set up a root master server for domain  sun.com.:

       root_server# /usr/lib/nis/nisserver -r -d sun.com.

       For the following examples make sure that  the new servers are  NIS+ clients and that rpc.nisd is running on these hosts  before  executing
       nisserver. To set up a replica server for the sun.com. domain on host sunreplica:

       root_server# /usr/lib/nis/nisserver -R -d sun.com. -h sunrep

       To set up a non-root master server for domain xyz.sun.com. on host sunxyz with the  NIS+ groupname as admin-mgr.xyz.sun.com.:

       root_server# /usr/lib/nis/nisserver -M -d xyz.sun.com. -h sunxyz 
       -g admin-mgr.xyz.sun.com.

       To set up a non-root replica server for domain xyz.sun.com. on host sunabc:

       sunxyz# /usr/lib/nis/nisserver -R -d xyz.sun.com. -h sunabc

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       nis+(1),  nisgrpadm(1),	nismkdir(1),  nisaddcred(1M),  nisauthconf(1M), nisclient(1M), nisinit(1M), nispopulate(1M), nisprefadm(1M), nis-
       setup(1M), rpc.nisd(1M),  attributes(5)

NOTES

       NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from  NIS+  to  LDAP  are
       available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10							    13 Dec 2001 						     nisserver(1M)
All times are GMT -4. The time now is 07:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy