topic Re: Change Password in Operating System - HP-UX

Change Password

KY.Chuang — Mon, 06 Jun 2005 22:49:41 GMT

Hi,
How to change user's password in one line command with "passwd".
For example :
User : ky
Original Password : ky123
New Password : ky789
I want to change ky's passowrd in one line command with "passwd".
$passwd ky ???

Regards...KY

Re: Change Password

Suraj Singh_1 — Mon, 06 Jun 2005 23:21:19 GMT

Hi,

I don't think it would be possible to change user's password in one command line, but you can achieve the same using "expect" script.

http://expect.nist.gov/

If you are wondering what is expect, then
Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect really makes this stuff trivial. Expect is also useful for testing these same applications. And by adding Tk, you can also wrap interactive applications in X11 GUIs.

Expect can make easy all sorts of tasks that are prohibitively difficult with anything else. You will find that Expect is an absolutely invaluable tool - using it, you will be able to automate tasks that you've never even thought of before - and you'll be able to do this automation quickly and easily.

Re: Change Password

Amit Agarwal_1 — Mon, 06 Jun 2005 23:56:48 GMT

You can use the following expect script after some customized changes.

#!/usr/local/bin/expect -f

set force_conservative 0
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}

set timeout 30
spawn $env(SHELL)
match_max 5000
send -- "passwd ky\r"
expect "Old password:"
send -- "ky123\r"
expect "New password:"
send -- "ky789\r"
expect "Re-type new password:"
send -- "ky789\r"
expect eof

Re: Change Password

Vibhor Kumar Agarwal — Tue, 07 Jun 2005 03:37:41 GMT

If you can tell us the reason why you want to do this, then hopefully we can come up with a more suitable suggestion.

Re: Change Password

Doug O'Leary — Tue, 07 Jun 2005 08:00:22 GMT

Hey;

As mentioned previously, expect is one good solution for this. I'm not crazy about expect's syntax though. If you're already familiar with perl, you should consider using the expect module for perl. All the power of expect with perl's syntax and regular expressions. Can't beat it...

To answer Victor's question as to why you'd want to do this. One client for whom I wrote a very similar script had over 200 Solaris and HP servers and a security policy stating that everyone had to change their passwords every 45 days. Manually changing the passwords literally took an entire day for some of the admins. After automation, it took 10 minutes.

HTH;

Doug

Re: Change Password

RAC_1 — Tue, 07 Jun 2005 08:10:23 GMT

password command does not work in that way.
You can use undocumented command /usr/sam/lbin/usermod.sam -p "encrypted password" user_name"

You can user makekey to generate the encryped password. Else, you can use expect tool.

Anil

Re: Change Password

Steven E. Protter — Tue, 07 Jun 2005 08:24:11 GMT

The passwd program itself is designed to try and make sure a human being on a keyboard sets the password.

It may be possible with input redirection to bypass this.

Try a combination like:

passwd < input_file

You may be able to automate the process. Make sure permissions are tight on that input file however.

SEP

Re: Change Password

Doug O'Leary — Tue, 07 Jun 2005 08:41:13 GMT

Hey;

You can't redirect the stdin to the password command. It won't work. You have to use expect, perl/expect, or /usr/sam/lbin/usermod -p...

Doug

Re: Change Password

KY.Chuang — Wed, 08 Jun 2005 00:28:03 GMT

Hi,
Because I want to develop a session which let user can change UNIX's password with this session.
In my session, I have to combine user's old password and new password in one script, and let UNIX execute this script.
So I have to execute passwd command in one command line.

Is the command line correct ?
$passwd -r

Thanks...KY

Re: Change Password

Doug O'Leary — Wed, 08 Jun 2005 07:44:25 GMT

>> Is the command line correct ?
>> $passwd -r

No, it's not. The -r option specifies the name resolution protocol. The files option means you're using the /etc/passwd file. nis means NIS and NIS+ should, by now, be obvious. I would think there should be something for ldap, but I didn't see it in the man page.

As the posts have mentioned, in order to do what you're looking to do, you will need perl/expect or expect. At this point, even the /usr/lbin/usermod -p won't work because that requires root privileges...

HTH;

Doug

Re: Change Password

vinod_25 — Sat, 18 Jun 2005 04:14:13 GMT

hi chuang...

i will tell you an option, but the security is a problem... still if you need you can try this

after creating a user...

issue

# passwd -d -f

-d Allow user to login without a password by deleting it. In untrusted mode this unlocks/activates the user account if found locked/deactivated.

-f Force user to change password upon next login by expiring the current password

so that the user will enter the password at first logon and the administrator need not worry about the user's password part.

Regards

Vinod K