Shell Programming and Scripting

On SPARC Solaris 10. I set the app account so it's expired. I also want it
so not required to change password at first login, I can do this by
removing the numbers after the password in /etc/shadow.

example using user1

The /etc/shadow file looks like this:

Code:

user1:kOmcVXAImRTAY:0::::90::

Want it to be like this:

Code:

user1:kOmcVXAImRTAY:::::::

How can I do that via a script? I want to do it on multiple servers, hence the script.

To disable password expiration use:

Code:

passwd -x -1 user1

To disable forced password change on next login use:

Code:

passwd -u user1

I do that, but then when the app tries to ssh to this app account, they are required to change password at first login.
I don't want that. When I remove everything between the : after the password, then the pw doesn't need to be changed anymore either.

I edited my post. To avoid forced password change use:

Code:

passwd -u user1

hmmm, I didn't see the other part with the -u. I thought that is just for unlocking a locked password. I will try it. Thanks.

---------- Post updated at 06:53 PM ---------- Previous update was at 03:38 PM ----------

This works as desired in the global zone

Code:

ssh $nn "passwd -x -1 fstone;passwd -u fstone"

but not in a zone, I end up with the 90 that I need to get rid of

Code:

user1:irCl6P1wBEBUQ:15569::::90::

To get rid of the "90" use the second command...

Code:

passwd -x -1 user1

Getting rid of the User ID (the value between the 2nd and 3rd <colon>s) and Group ID (between the 3rd and 4th <colon>s) is a VERY BAD idea. It will either make it impossible for any of the users whose entries you changed to login or it will give all of them root access!