Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Script to change UNIX password
Top Forums Shell Programming and Scripting Script to change UNIX password Post 302073778 by System Shock on Wednesday 17th of May 2006 12:58:25 PM
Old 05-17-2006
ha ha!

..at one point in my career, back in 1999 at a .com data center, I had 1273 servers under my administration (with 5 other guys). I would've loved to see users' faces after telling them "you have to learn 1200+ passwds"...


...anyway...

... first thing I'd ask is if ftp, telnet, rlogin, and/or rsh are enabled. If they are, I think it is a waste of time to be changing passwds.

As for automating passwd mgt without a tool like LDAP, well, there are many ways you can do that. I use expect extensively - together with ssh - and you only need one install of it.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Change password script in Unix easily..

I have more than 50 server unix's password need to change, usually I assign one password for all hosts, for easy remember, but I need to change password every two months..it's very tried to change password every 2 months, is there any unix script that can change password easily? ie ' script... (4 Replies)
Discussion started by: zp523444
4 Replies

2. Shell Programming and Scripting

script/program to change the password ?

hi, Somebody have or known where i can find a perl small perl program to change the password. The point: First it verify is the user exist, checking the old typed password and replace it with new. The passwords must be encoded. Thanks, very much! (0 Replies)
Discussion started by: kad
0 Replies

3. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

4. UNIX for Dummies Questions & Answers

Where to change the UNIX password prompt?

Hi guys, I got these 3 servers: a, b and c which I ssh from a to b/c. a:$ ssh userid@b Password: a:$ ssh userid@c userid@c's password: Notice that the password prompt is different (highlighted in bold) on both servers even though their SUN Solaris version the same, OpenSSH version... (0 Replies)
Discussion started by: DrivesMeCrazy
0 Replies

5. Shell Programming and Scripting

Unix script to change password

Hello Gurus I have little challenge which I do not know how to address it. I have unix account on many servers (let's say over 25). These accounts expire every 60 days. Is there scripts that I can run from my "local computer" and pass a new password to it where it would change it for me on all... (7 Replies)
Discussion started by: nimo
7 Replies

6. HP-UX

Automatic script to change the UNIX Password

Hi, we have around 50 users and every month we need to change the password manually once its expire. do we have any script to change the password automatically. OS -HP-UX Thanks in advance.. (6 Replies)
Discussion started by: periyasamycse
6 Replies

7. Shell Programming and Scripting

Script to change password in UNIX

Hi Friends, Every morning i need to change the password, please advise how it can be automated. I am having pre planned password list for 4 months which can be used as input file for new passwords. Thanks (28 Replies)
Discussion started by: rajjev_saini123
28 Replies

8. Shell Programming and Scripting

A script to change password for all other servers

Hey Gurus, I have this requirement to change the password for other servers remotely from one server. So, I installed public keys on all servers and wrote the following script to do the job. Something appears to be wrong with my loop, as it only changes one server and ignores the rest. I'm... (24 Replies)
Discussion started by: Hiroshi
24 Replies

9. Shell Programming and Scripting

Shell script to change the password

Hi Folks, I am trying to change the password for the user "sysservice" Where my requirement is login to each server and exit from that and ssh to the next server.. I have enabled the password less auth for the user sysservice. for i in `cat /home/sysservice/servers.txt` do ssh... (1 Reply)
Discussion started by: gsiva
1 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT PLAN9

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 04:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy