https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247906#M331085 All, <BR /><BR />I have taken an golden ignite image of a trusted system 6 months ago. <BR />I'm deploying that image now to new servers.<BR />Due to password aging, not a single user remembers his password of the time when the image was taken, hence the current password on this "new" server.<BR />Anyway any idea how I can reset those passwords easily without having to distribute all kind of new passwords to the users ?<BR />1/ I know I can expire all passwords, but then still all users have to know there old passwords for the first login<BR />2/ I can set all passwords manually, but then I have to distribute a lot of passwords ...<BR /><BR />I'm looking for something to "blank" the password (knowing this is not perfectly safe, but the system is not in production yet), but forces the user to change it on first login.<BR /><BR />Any clues ?<BR /><BR />Thx, <BR /><BR />R. Thu, 07 Aug 2008 10:47:05 GMT Romalfox 2008-08-07T10:47:05Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247906#M331085 All, <BR /><BR />I have taken an golden ignite image of a trusted system 6 months ago. <BR />I'm deploying that image now to new servers.<BR />Due to password aging, not a single user remembers his password of the time when the image was taken, hence the current password on this "new" server.<BR />Anyway any idea how I can reset those passwords easily without having to distribute all kind of new passwords to the users ?<BR />1/ I know I can expire all passwords, but then still all users have to know there old passwords for the first login<BR />2/ I can set all passwords manually, but then I have to distribute a lot of passwords ...<BR /><BR />I'm looking for something to "blank" the password (knowing this is not perfectly safe, but the system is not in production yet), but forces the user to change it on first login.<BR /><BR />Any clues ?<BR /><BR />Thx, <BR /><BR />R. Thu, 07 Aug 2008 10:47:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247906#M331085 Romalfox 2008-08-07T10:47:05Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247907#M331086 Shalom,<BR /><BR />You should be able to run a script to unlock all those accounts using the /usr/lbin/modprpw -m <BR /><BR />command.<BR /><BR />Your best bet is a script that sets the password empty and sets an expiration date a few days in the future.<BR /><BR />/etc/default/security<BR />These settings can be made to limit your exposure.<BR /><BR />The passwd command itself has good options that work in a trusted system.<BR /><BR />You might also consider getting around this hassle by updating your golden image.<BR /><BR /><BR />SEP Thu, 07 Aug 2008 11:47:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247907#M331086 Steven E. Protter 2008-08-07T11:47:46Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247908#M331087 Shalom SEP, <BR /><BR />my exact issue is that I'm unsure on how to set an empty (or blank) password in a Trusted system.....<BR /><BR />I've checked all modprpw options before and could not find any to solve my needs....<BR /><BR />But maybe I did not check enough ? Thu, 07 Aug 2008 11:54:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-system-image-deployment/m-p/4247908#M331087 Romalfox 2008-08-07T11:54:33Z