topic Re: Password help in Operating System - HP-UX

Password help

Anthony khan — Wed, 27 Feb 2002 13:21:00 GMT

Hi Everyone,

I want all user to change their password when they login next time, Any suggestion or anyone have any script to do this job, I was thinking to get the user name from /etc/passwd and run passwd -f, but I don't wanna change the passwd for root etc. Thanks in advance.Note this is not a trusted system

Anthony

Re: Password help

harry d brown jr — Wed, 27 Feb 2002 13:27:38 GMT

Anthony,

Write a little awk script to go through the passwd file and set the "-f" option per each user.

live free or die
harry

Re: Password help

John Strang — Wed, 27 Feb 2002 13:35:12 GMT

Hi Anthony,

You can write a quick script to run passwd -f for a list of users

Run
cut -d : f1 /etc/passwd > /tmp/userlist

This will create /tmp/userlist as a list of usernames from /etc/passwd

Then edit /tmp/userlist so that it contains only those usernames that you want to change passwords

Then run
for i in ??cat /tmp/userlist??
do
passwd -f $i
done

This will run passwd -f for each entry in the /tmp/userlist file

HTH,

John

Re: Password help

harry d brown jr — Wed, 27 Feb 2002 13:36:37 GMT

Anthony,

Here's a quick script:

cat /etc/passwd | awk -F: '{if ($3 > 100) system("passwd -f "$1)}'

Change the "if" and "100" if "100" is not the lowest account you don't want to change.

live free or die
harry

Re: Password help

S.K. Chan — Wed, 27 Feb 2002 14:42:24 GMT

Implementing password aging can also help by which you don't need a script to do this.

Re: Password help

Helen French — Wed, 27 Feb 2002 15:22:51 GMT

Hi Anthony,

Two options:

1) Enable password aging through SAM
2) Set -f option.

# passwd -f "acct_name"

HTH,
Shiju

Re: Password help

Anthony khan — Wed, 27 Feb 2002 15:30:35 GMT

Thanks for response guys, sorry there is a problem in assigning points, I'll do it later.

Chan & Shiju,

If Enabling password aging do I have to make the system trusted, IF yes then this is a production box, is there any precaution I have to take.

Thanks to all again

Re: Password help

Rodney Hills — Wed, 27 Feb 2002 15:35:52 GMT

Password aging doesn't require a trusted system.

If you do go trusted, be careful with NIS (aka yellow pages), as it doesn't work with trusted systems.

-- Rod Hills

Re: Password help

Helen French — Wed, 27 Feb 2002 15:52:42 GMT

Hi Anthony,

Yes, you need to convert your system to Trusted mode inorder to enable pasword aging functions. You can do these through SAM.

Making system trusted has advantages and some disadvantages ( like NIS). See this guide for trusted systems:

http://www.docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html

Also check this thread for some more information:

http://us-support3.external.hp.com/cki/bin/doc.pl/sid=bd9e15760b1142a5d4/screen=ckiDisplayDocument?docId=200000058669369

HTH,
Shiju

Re: Password help

Rodney Hills — Wed, 27 Feb 2002 15:58:17 GMT

I did a test on my non-trusted system and was able to enter

passwd -f -x 7 joeuser

When joeuser logged on, the system requested a new password, and it made an entry in /etc/passwd to indicate a max time of 7 days.

Far as I can tell (and the man page for passwd), you don't need a trusted system.

-- Rod Hills

Re: Password help

Helen French — Wed, 27 Feb 2002 16:06:32 GMT

Hi Rod,

When you invoke SAM-Auditing and security-System security policies-Password aging policies, the system will force you to make the system trusted.

The '-f' option with passwd command deosn't require a trusted system. In the man pages of passwd:

A superuser can modify password aging characteristics associated with the user name using the following options - " -d, -f, -l, -x"

Also the -w needs the system to be trusted.

HTH,
Shiju