Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Changing Users Passwords Via Script?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Changing Users Passwords Via Script?
# 1  
Old 04-09-2002
Question Changing Users Passwords Via Script?
I am the administrator for a large network of HP/UX servers, about 100, this will be growing to over 200 in the next 18 months, part of my duties are to change the root passwords on these machines once month... which is a pain. I have written a script that will generate random passwords for me and print them out so that I do not have to think of and write down the passwords for safe keeping.

Yep, you guessed the next question... how can I pass the passwords to a script which will change them automatically on each machine?

I have done quite a bit of looking into this and found one answer is to use the GNU expect binary, but I am having difficulties getting the binary working on our servers, should I not get it working does any one have any ideas?

Please note that company policy does not allow me to use remote shells, psuedo root users and none expiring accounts.

Thanks in advance

- Paul
# 2  
Old 04-09-2002
If the company wants all the security -then show them that the only way to do what they want is with a 3rd party security package.

OR

You could use a NIS root account - this is how -
You have your normal root account which has it's info in /etc/passwd (and shadow). If the server looks at NIS before files, then you could have an NIS root account - one password for all servers (yes, drawbacks to that too!). If NIS was unavailable, you would have to know what the server's local root password is to log in or su to root.

To change passwords on all servers requires setting up some type of allowed access - there is a 'free' product called cfengine which worked well (although our site lost 46 servers in one minute due to a bug {which was fixed but we never used it again}). Another way is if you have programming knowledge is to write your own.

My own opinion is with the 3rd party software. I've seen it work and it makes it easy to use (this was on a mix of Solaris and HP servers). I think RSA Security makes/sells it.
thehoghunter
# 3  
Old 04-09-2002
i found this script which uses expect awhile ago, haven't had time to mess with it though, maybe it will help get you started
Code:
#!/usr/local/bin/expect

if { $argc != 3 } {
    puts "Usage:"
    puts "$argv0 username oldpwd newpwd"
    exit
}

#set machine  [lindex $argv 0]
set username [lindex $argv 0]
set oldpwd   [lindex $argv 1]
set newpwd   [lindex $argv 2]
set completed_list " "

#-----------------------------------------
# All machines where set password on
#-----------------------------------------
set machine_list {
machine1
machine2
machine3
etc
etc
}


#----------------------------------------------------
# Ping machines to see which ones are available
#   ok machines in run_list
#----------------------------------------------------
foreach machine $machine_list {
    if { [ catch { exec ping -c 1 $machine  } ] == 0 } {
        lappend run_list $machine
    }
}


proc exclude_list {} {
    set count 0
    global machine_list run_list
    foreach machine $machine_list {
        incr count
        if { [ lsearch $run_list $machine ] < 0 } {
            puts "\t$count)\t$machine"
        }
    }    
    puts ""
}

proc include_list {} {
    puts "Will now try to change password on following machines:"
    set count 0
    global machine_list run_list
    foreach machine $run_list {
        incr count
            puts "\t$count)\t$machine"
    }
    puts ""
}

proc continue_chk {} {
    global run_list
    while {1} {
        include_list
        puts -nonewline "\nDo you want to continue or (m)odify list? (y/n/m): "
        gets stdin ans 
        if { 1 == [regexp {^y|Y$} $ans]  } {
            puts "yes"
            break
        } elseif { 1 == [regexp {^m|M$} $ans]  } {
            puts -nonewline "\n Enter number to remove: "
            gets stdin ans 
            set r_num [expr {$ans - 1}]
            puts $run_list
            set run_list [ lreplace $run_list $r_num $r_num ] 
        } else {
            puts "no"
            exit
        }
    }
}
    
puts "Failed to ping following machines:"
exclude_list

#puts "Will now try to change password on following machines:"
#include_list

continue_chk

foreach machine $run_list { 
    set change 0
    spawn telnet $machine
    while {1} {
        expect  { 
            timeout         break
            "\rlogin:"        { sleep 1
                              send "${username}\r" }
            "New password"  { send "${newpwd}\r" 
                              lappend completed_list $machine
                              set change 1 }
            "new password"  { send "${newpwd}\r" 
                             set change 1 }
            "Old password:" { send "${oldpwd}\r" }
            "Password:"     { send "${oldpwd}\r" }
            "\\\$"            { if {$change == 0} { 
                                  send "passwd\r" 
                                  set change 1 
                              } else {
                                  send "exit\r" }
                            }
            "changed"       { send "exit\r" }
            "closed"        { break }
        }
        sleep 1
    }
}
    
puts " "
puts "Password changed on following machines:"
foreach machine $completed_list {
    puts $machine
}

puts " "
puts "Password NOT changed on following machines:"
foreach machine $machine_list {
    if { [ lsearch $completed_list $machine ] < 0 } {
        puts $machine
    }
}
exit

added code tags for readability --oombera
Last edited by oombera; 02-20-2004 at 02:00 PM..
# 4  
Old 04-10-2002
Can can obtain "expect" and every other well known free software package already compiled to run on HP-UX. See this post for details.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Red Hat

Problem with Script to email Admin users with expired passwords writed byygemici

Hi, I have problem with a script, it was working for 6 month and suddenly I started getting strange expire times example: # chage -l wXXp Last password change : Oct 28, 2014 Password expires : Nov 27, 2014 Password... (3 Replies)
Discussion started by: redmansas
3 Replies

2. Shell Programming and Scripting

Create multiple users with individual passwords to users

hi, i am new to shell scripts i write a shell script to create multiple users but i need to give passwords to that users while creating users, command to write this script (1 Reply)
Discussion started by: DONFOX
1 Replies

3. Solaris

Changing Passwords with a script.

We are real strict when it comes to passwords. Every 60 days the admins have to change passwords on all of the accounts. And there is pretty strict enforcement of the type of passwords chosen. This is a tedious and monotonous job. Ww don't use NIS or LDAP, so this has to be done on each machine. ... (5 Replies)
Discussion started by: brownwrap
5 Replies

4. Shell Programming and Scripting

script for changing passwords

Hello, We are running aix 5.3. We're looking for a script that can change passwords, taking 2 arguments ( old password, new password ). I am wondering if this can be done with a here document, or some generic scripting method. Or, if I would have to download expect. Alternatively I wonder... (3 Replies)
Discussion started by: fwellers
3 Replies

5. Solaris

To restrict the users not to change the passwords for NIS users

Hi All, How to restrict the NIS users not to change their passwords in for NIS users?? and my NIS user is unable to login to at client location what could be the problem for this ? Any body can help me. Thanks in advance. (1 Reply)
Discussion started by: Sharath Kumar
1 Replies

6. UNIX for Advanced & Expert Users

Monitoring the changing of passwords

What is the best way to monitor who changes passwords, or what passwords get changed? Is there a way to send that over to Syslog? An example would be someone logs in as themselves, changes to root (which I capture by loging auth and auth.info) and then changes a password. Do I need to put an... (1 Reply)
Discussion started by: AW12
1 Replies

7. Shell Programming and Scripting

changing passwords remotely on sun boxes

now, for reasons i really cant begin to delve into, i have to find a way to be able to rmeotely create user accounts and also assign them passwords. unfortunately, it appears Sun boxes frowns upon this. sun boxes will let u create a user account remotely but will never let u assign the useraccount... (0 Replies)
Discussion started by: Terrible
0 Replies

8. Shell Programming and Scripting

Perl script - changing passwords

Just wanted options of this - first 'real' Perl script and I'm not positive of all the quirks in Perl. Any suggestions are welcome. Especially since I'm messing with /etc/shadow! Running Solaris 2.6, Perl 5.005.03 #!/u/bin/perl # # Change the user's old password to the new in /etc/shadow ... (3 Replies)
Discussion started by: thehoghunter
3 Replies

9. UNIX for Dummies Questions & Answers

passwords changing

Hello everyone let me start off by saying happy new year to all I am new to this board. I am running a multipurpose server (web/ftp/email) it runs apache 1.3.20 i think it is and Qmail would I would like to do is find/create a script that will allow my users to change there unix password... (1 Reply)
Discussion started by: viperws
1 Replies
Login or Register to Ask a Question