Login or Register to Ask a Question and Join Our Community


Infrastructure Monitoring

need script for passwd , can't use expect tool

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Infrastructure Monitoring need script for passwd , can't use expect tool
# 22  
Old 09-24-2003
Absolutely excellent , i didn't test it completely until writing the new pasword but the connection is ok and the beginning of the dialog is ok too until "old password" so the rest will be ok.

i'm searching for explanations about "print" command flags.
This is an internal command and at this time i never uses this flags

christian
# 23  
Old 09-25-2003
FYI - not to take away from Perderabo's great work - there is a program called pconsole which does the same as the ccp program (but pconsole should work on most any UNIX). Worth investigating for other uses.
# 24  
Old 09-26-2003
...but Pconsole (i don't try it!) needs a C compiler and i don't have any and neither admin rights to install it !

..but i keep the link for future use !

christian
# 25  
Old 01-11-2005
estelnet or ctelnet are similar to the ccp product described above. It allows you to either setup an /etc/clusters file with aliases that look like:
servers host1 host2 host3

Running `estelnet servers` would open a telnet to each of the three hosts, along with a console window. Things typed in the console get echo'ed to all three windows, or you can type in each window seperately. It is great for password changes.

You can also run `estelnet host1 host2 host4 host4` to connect to four servers.

Anyone know of an ssh based program that works like this?
# 26  
Old 06-23-2005
Error Security
Speaking as a SysAdmin, the big problem with doing this type of thing in an expect script is, users (on average not being very security minded) almost never think to look at the permissions on their expect script. Consequenty, they create an expect script, put password in it, and it is sitting there with rwxr-xr-x permissions, for anybody on the system to read (or if it resides in an NFS exported directory, anybody on any system that NFS mounts it or anybody on any system who who can spoof the NFS server into allowing them to mount it). Expect fools programs that were wise enough to insist on speaking to a real live terminal into thinking that they are talking to a terminal when in fact they are being driven programatically.

One thing I like about this script is that it prompts you for the (new and old) passwords. If you read the passwords from a file, your program better insist on that file having good permissions or else you are asking for trouble.

I actually came across this page when I was searching for informationa about a similar program "passmass". That might be another option for someone who interested.

However you change your passwords en-masse, be careful about the permissions of your scripts if they contain any passwords in them, etc.
# 27  
Old 06-23-2005
Glad you liked the script, Garry. You may want to take a look at my password generator too...

swordfish a password generator
# 28  
Old 06-26-2009
what do these '>&4 2>&4 |&' mean on the line "telnet $HOST >&4 2>&4 |&" ??

Quote:
Originally Posted by Perderabo
No money back guarantees on this one. But I tested it on both HP-UX and SunOS and it works for me.
Code:
#! /usr/bin/ksh

#  changepass --- change the user's password on a list of hosts
#  perderabo  9/23/03  Version 0.0
#
#  You will need to adjust HOSTLIST.  You may need to adjust DELAY
#  and all of section 2.
#


#
#  Section 0 --- Set stuff up

HOSTLIST="test1 test2"
DELAY=3
stty -echo
print -n Enter Old Password-
read OLDPASS
print 
print -n Enter New Password-
read NEWPASS
print
stty echo
USER=$(whoami)
exec 4>&1


#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 1 --- telnet to each and touch a file

for HOST in $HOSTLIST ; do
	telnet $HOST >&4 2>&4 |&
	sleep $DELAY
	print -p $USER
	sleep $DELAY
	print -p $OLDPASS
	sleep $DELAY
	print -p touch changepassdatafile.$HOST
	sleep $DELAY
	print -p exit
	wait
done

#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 2 --- Retrieve the files via ftp

ftp -nv >&4 2>&4 |&
for HOST in $HOSTLIST ; do
	print -p open $HOST
	print -p user $USER $OLDPASS
	print -p get changepassdatafile.${HOST}
	print -p close
done
print -p bye
wait

#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 3 --- Inspect the retrieved files

errors=0
for HOST in $HOSTLIST ; do
	if [[ -f changepassdatafile.${HOST} ]] ; then
		echo $HOST was ok
		rm changepassdatafile.${HOST}
	else
		echo $HOST has a problem
		((errors=errors+1))
	fi
done
((errors)) && exit 1

#
#  Section 2 --- Change the passwords

for HOST in $HOSTLIST ; do
    telnet $HOST >&4 2>&4 |&
    sleep $DELAY
    print -p $USER
    sleep $DELAY
    print -p $OLDPASS
    sleep $DELAY
    print -p passwd
    sleep $DELAY
    print -p $OLDPASS
    sleep $DELAY
    print -p $NEWPASS
    sleep $DELAY
    print -p $NEWPASS
    sleep $DELAY
    print -p exit
    wait
done

#
#  Section 3 --- Verify that the passwords were changed
#     Part 1 --- Retrieve those files via ftp again

ftp -nv >&4 2>&4 |&
for HOST in $HOSTLIST ; do
    print -p open $HOST
    print -p user $USER $NEWPASS
    print -p get changepassdatafile.${HOST}
    print -p delete changepassdatafile.${HOST}
    print -p close
done
print -p bye
wait

#
#  Section 3 --- Verify that the passwords were changed
#     Part 2 --- Inspect the retrieved files

errors=0
for HOST in $HOSTLIST ; do
    if [[ -f changepassdatafile.${HOST} ]] ; then
        rm changepassdatafile.${HOST}
    else
        echo $HOST has a problem!
        ((errors=errors+1))
    fi
done
((errors)) && exit 1


exit 0
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Programming

Expect script returning string following a found expect.

I'm fairly new to scripting so this might not be possible. I am using Expect with Cisco switches and need to capture the string after finding the expect request. For example, when I issue "show version" on a Nexus switch, I'm looking to capture the current firmware version: #show version ... (0 Replies)
Discussion started by: IBGaryA
0 Replies

2. Programming

Calling another expect script inside an expect script

I have an expect script called remote that I want to call from inside my expect script called sudoers.push, here is the code that is causing me issues: set REMOTE "/root/scripts/remote" ... log_user 1 send_user "Executing remote script as $user...\n" send_user "Command to execute is: $REMOTE... (1 Reply)
Discussion started by: brettski
1 Replies

3. Programming

Calling expect script inside another expect

Hi, Am very new to expect scripting.. Can You please suggest me how to call an expect script inside another expect script.. I tried with spawn /usr/bin/ksh send "expect main.exp\r" expect $root_prompt and spawn /usr/bin/ksh send "main.exp\r" expect $root_prompt Both... (1 Reply)
Discussion started by: Priya Amaresh
1 Replies

4. Shell Programming and Scripting

script using expect tool

Hi All, I need ur help and suggestion to make my code efficient.I have to reset the password for multiple unix flavour using expect tool.There is one file in which I have mentioned ip address and main script will pickup those ip and reset all password and it will write to a log file whether it has... (1 Reply)
Discussion started by: manish_1678
1 Replies

5. Shell Programming and Scripting

Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting

This Expect script provides expect with a list of IP addresses to Cisco IPS sensors and commands to configure Cisco IPS sensors. The user, password, IP addresses, prompt regex, etc. have been anonymized. In general this script will log into the sensors and send commands successfully but there are... (1 Reply)
Discussion started by: genewolfe
1 Replies

6. Solaris

tool to convert /etc/passwd and etc/shadow

i wonder if there is a tool to read the /etc/passwd or /etc/shadow files in order to reset user accounts to the same one. By moving (restore) all filessytem and data to another same Sun box, none of the users are able to logon to the new box which i didn't change nothing. But if i reset the user... (1 Reply)
Discussion started by: lamoul
1 Replies

7. Shell Programming and Scripting

Expect passwd scripting

I am trying to write an expect script which will read information from a file that contains username and password, and change the password for each user accordingly. The list contains around 100 users. I am new to both Solaris and expect. I have successfully been able to set the first user's... (9 Replies)
Discussion started by: DoctorOctagon
9 Replies

8. Shell Programming and Scripting

Help with Expect tool Script

Problem Description: I have written the Expect script in Linux box, able to login from Linux to Windows and able to execute the command(eg, hostname) on windows server which produces some value. I want to pass this value from Windows to Linux box . Can we pass any parameter from Linux with expect... (2 Replies)
Discussion started by: khagendra
2 Replies

9. Shell Programming and Scripting

strange expect script behavior, or am i misunderstanding expect scripting?

Hello to all...this is my first post (so please go easy). :) I feel pretty solid at expect scripting, but I'm running into an issue that I'm not able to wrap my head around. I wrote a script that is a little advanced for logging into a remote Linux machine and changing text in a file using sed.... (2 Replies)
Discussion started by: v1k0d3n
2 Replies

10. UNIX for Dummies Questions & Answers

'expect' tool

Can someone please provide a simple sample of syntax using the expect tool with an app. Let's say FTP. Maybe point me to where I may find some information on the syntax used. I'm not going to by a book on it. Thanks in advance! (2 Replies)
Discussion started by: shaggy
2 Replies
Login or Register to Ask a Question