Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Non-interactive password change?
Operating Systems Solaris Non-interactive password change? Post 302188444 by squall on Wednesday 23rd of April 2008 01:36:34 PM
Old 04-23-2008
Im guessing by "more direct", you mean "easier to implement".

The two methods you mentioned are pretty much the options available to you (which option you use depends on whether you want to use the encrypted or unencrypted password string).

Writing an expect script to reset a password is simple, just do a google search and you will have several working examples within minutes.

Using expect to run the "passwd" command protects the integrity of the file as it uses file locking to edit it, and a typo in your script is less likely to corrupt the shadow file.

Also if you are going to be changing passwords via a script keep in mind that it is bad security to leave passwords lying around hardcoded in scripts.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Change password by pushing encrypted password to systems

I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong. The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Discussion started by: benq70
1 Replies

2. Shell Programming and Scripting

ERROR : Permission denied (publickey,password,keyboard-interactive).

Hello, when I try to connect to a remote machine through SSH username@host I am getting the error message Permission denied (publickey,password,keyboard-interactive). Can any one tell me what is the problem. the key is added in the remote machines authorized_keys file. (5 Replies)
Discussion started by: deepusunil
5 Replies

3. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

4. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

5. Homework & Coursework Questions

How to write script that behaves both in interactive and non interactive mode

Q. Write a script that behaves both in interactive and non interactive mode. When no arguments are supplied it picks up each C program from the directory and prints first 10 lines. It then prompts for deletion of the file. If user supplies arguments with the script , then it works on those files... (8 Replies)
Discussion started by: rits
8 Replies

6. UNIX for Advanced & Expert Users

Automating Interactive password change

I have written the below scripts . ldap_pwd_prompt.ksh #!/usr/bin/ksh passwd -r ldap interactive_pwd_change.exp #!/usr/local/bin/expect set timeout 10 set curpass set newpass spawn ./ldap_pwd_prompt.ksh expect "Enter existing login password:" send "$curpass\r" expect "New... (6 Replies)
Discussion started by: dr46014
6 Replies

7. AIX

Change password to blank password

AIX 6.1 User has a password set. It needs to be a blank password (no password). smit passwd enter user name at change password and confirm password, just press ENTER Afterwards, I could not log on with blank password or with original password. How can I change the password to a... (2 Replies)
Discussion started by: landog
2 Replies

8. Red Hat

Password less SSH for non-interactive NUID

We have a script which rsyncs two directories on two servers. This rsync will happen with the ID svID. But the script runs with the Control-M ID opID. we have setup password less SSH for svID, but it fails with Host key verification failed when the script is executed by opID. As opID is a... (1 Reply)
Discussion started by: Madimi
1 Replies

9. UNIX for Dummies Questions & Answers

SFTP in non-interactive mode without password

Hello all, can we SFTP to the destination server in a non-interactive mode with out estbalishing the public key of origination server in the destination server? meaning i want to harcode the password as part of the below script or as an variable? Please let me know if there is any better way to... (2 Replies)
Discussion started by: Ariean
2 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT DEBIAN

chpasswd

CHPASSWD(8)						    System Management Commands						       CHPASSWD(8)

NAME

       chpasswd - update passwords in batch mode

SYNOPSIS

       chpasswd [options]

DESCRIPTION

       The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of
       existing users. Each line is of the format:

       user_name:password

       By default the passwords must be supplied in clear-text, and are encrypted by chpasswd. Also the password age will be updated, if present.

       By default, passwords are encrypted by PAM, but (even if not recommended) you can select a different encryption method with the -e, -m, or
       -c options.

       Except when PAM is used to encrypt the passwords, chpasswd first updates all the passwords in memory, and then commits all the changes to
       disk if no errors occured for any user.

       When PAM is used to encrypt the passwords (and update the passwords in the system database) then if a password cannot be updated chpasswd
       continues updating the passwords of the next users, and will return an error code on exit.

       This command is intended to be used in a large system environment where many accounts are created at a single time.

OPTIONS

       The options which apply to the chpasswd command are:

       -c, --crypt-method METHOD
	   Use the specified method to encrypt the passwords.

	   The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods.

	   By default, PAM is used to encrypt the passwords.

       -e, --encrypted
	   Supplied passwords are in encrypted form.

       -h, --help
	   Display help message and exit.

       -m, --md5
	   Use MD5 encryption instead of DES when the supplied passwords are not encrypted.

       -R, --root CHROOT_DIR
	   Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

       -s, --sha-rounds ROUNDS
	   Use the specified number of rounds to encrypt the passwords.

	   The value 0 means that the system will choose the default number of rounds for the crypt method (5000).

	   A minimal value of 1000 and a maximal value of 999,999,999 will be enforced.

	   You can only use this option with the SHA256 or SHA512 crypt method.

	   By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in /etc/login.defs.

CAVEATS

       Remember to set permissions or umask to prevent readability of unencrypted files by other users.

CONFIGURATION

       The following configuration variables in /etc/login.defs change the behavior of this tool:

       SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
	   When ENCRYPT_METHOD is set to SHA256 or SHA512, this defines the number of SHA rounds used by the encryption algorithm by default (when
	   the number of rounds is not specified on the command line).

	   With a lot of rounds, it is more difficult to brute forcing the password. But note also that more CPU resources will be needed to
	   authenticate users.

	   If not specified, the libc will choose the default number of rounds (5000).

	   The values must be inside the 1000-999,999,999 range.

	   If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS values is set, then this value will be used.

	   If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used.

	   Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM
	   configuration. It is recommended to set this variable consistently with the PAM configuration.

FILES

       /etc/passwd
	   User account information.

       /etc/shadow
	   Secure user account information.

       /etc/login.defs
	   Shadow password suite configuration.

       /etc/pam.d/chpasswd
	   PAM configuration for chpasswd.

SEE ALSO

       passwd(1), newusers(8), login.defs(5), useradd(8).

shadow-utils 4.1.5.1						    05/25/2012							       CHPASSWD(8)
All times are GMT -4. The time now is 01:40 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy