topic Re: Adding users with trusted systems in Operating System - HP-UX

Adding users with trusted systems

Travis Harp — Mon, 26 Jan 2004 11:07:34 GMT

I've been adding user via sam for a while now but I'm trying to develop a script to make this task less time consuming.

Does the useradd.sam command work correctly when used on a trusted system and is there anything that I need to know before going forward?

Thanks

Re: Adding users with trusted systems

Camel_1 — Mon, 26 Jan 2004 11:19:39 GMT

useradd command works the same on btoh trusted/notrusted system.

Simon

Re: Adding users with trusted systems

Uday_S_Ankolekar — Mon, 26 Jan 2004 11:21:40 GMT

/usr/sbin/useradd command should workwell with your scripts.

-USA..

Re: Adding users with trusted systems

Hoefnix — Mon, 26 Jan 2004 11:24:47 GMT

just tested and useradd works in trusted system.
regards,

Peter

Re: Adding users with trusted systems

Darren Prior — Mon, 26 Jan 2004 11:54:13 GMT

Hi Travis,

The main point you should know is that it's not supported to use the useradd.sam script. It's only designed to be used internally by SAM and it's possible that it could get changed by a patch.

Please also consider assigning points to those that have given their time to help you. It's free, plus it helps others decide which answers have been useful.

regards,

Darren.

Re: Adding users with trusted systems

Jeff Schussele — Mon, 26 Jan 2004 12:02:55 GMT

Hi Travis,

As noted /usr/sbin/useradd (and /usr/sbin/groupadd as well) work the same in both envs.
Would be used as follows:

/usr/sbin/useradd -u UID -g GID -d /home/username -m -s /usr/bin/ksh -c "Comments here - maybe full name" username

The GID must exist or you'll have to create it fisrt - with groupadd if you wish.
The home dir can be wherever you normally put them & the -m states to make (create) the dir if it doesn't exist. We use the -c for full user name & affiliation (what group they're with or phone #, etc.). And of course you can give them whatever valid shell you wish or they want.

HTH,
Jeff

Re: Adding users with trusted systems

Sridhar Bhaskarla — Mon, 26 Jan 2004 12:28:06 GMT

Hi,

Useradd is the command you should be using as pointed already.

However, with useradd you will not be able to set the password. If you have an encrypted password for the user (you can generate the encrypted password using the 'makekey' command in /usr/lib) and add it using the command

/usr/sam/lbin/usermod.sam -p abjHqL18xWq0A user

Here abjHqL18xWq0A is the encrypted password.

-Sri

Re: Adding users with trusted systems

Mic V. — Mon, 26 Jan 2004 15:11:23 GMT

I hacked out a C program to handle setting the password with straight useradd. It just did getpwent, etc. Wasn't too bad once I thought it out. Sorry, can't post the code.

Re: Adding users with trusted systems

Bill Hassell — Mon, 26 Jan 2004 15:22:29 GMT

Attached is a really simple C program to generate an encrypted password. usermod.sam has not changed in several revs and still works to modify the password (whether Trusted or not) in both 11.0 and 11.11 (and 10.20 for that matter). So you can use the output of this program as the encrypted password to pass to usermod.sam

Re: Adding users with trusted systems

Travis Harp — Mon, 26 Jan 2004 15:24:54 GMT

Ok I'm making some good progress here thanks to everyone's help but I'm having an issue getting the password set.

I've been using makekey to get the encrypted password as suggested but when I use the usermod.sam -p it doesn't seem to take.

As a test I tried to su to one of these accounts and the password I just put in doesn't work, I've tried it unencrypted as well with no better results.

What am I doing wrong here?

Re: Adding users with trusted systems

Steven E. Protter — Mon, 26 Jan 2004 15:27:19 GMT

useradd.sam is just some internal sam program that does the same job as useradd.

use useradd, Bill Hassel's program and as they say in Siberia, "Your'e Done"

SEP

Re: Adding users with trusted systems

Mic V. — Mon, 26 Jan 2004 15:32:40 GMT

To clarify, the program I wrote actually set the password by (carefully!) modifying the passwd file once the account had been created.

Re: Adding users with trusted systems

Travis Harp — Mon, 26 Jan 2004 16:07:50 GMT

The password is now working, thanks everyone.

One last thing remains, I would like to have these accounts created with an expired password so the user is forced to change the password on first log in.

How would I go about that on the command line?

Re: Adding users with trusted systems

Sridhar Bhaskarla — Mon, 26 Jan 2004 16:08:02 GMT

Hi,

You will need to pay attention to makekey while creating the encrypted password. makekey will accept exactly 10 chars with first 8 being the password. The last two chars are called salt and they can be arbitrary. For ex., to create the encrypted password for "test1234" I would use the following

echo "test1234xy" |/usr/lib/makekey

Here xy can be anything.

Try it and it should work.

-Sri

Re: Adding users with trusted systems

Sridhar Bhaskarla — Mon, 26 Jan 2004 16:24:19 GMT

Hi,

command line to force the user to change his/her password is 'passwd -f user'.

Man 'passwd' for more information.

-Sri

Re: Adding users with trusted systems

Travis Harp — Tue, 27 Jan 2004 09:15:17 GMT

I'm almost there but now I'm having a problem with the accounts saying that the password is expired and it's not allowing the user to set the password.

Last successful login for : Mon Jan 26 15:31:39 CST6CDT 2004
Last unsuccessful login for : NEVER
Your password has expired.
su: Password for has expired. Choose new password and try again
su: Sorry

It's acting like the password life time has expired.

I can go into sam and reset the password age to zero and it works fine.

Is there a command line way to set the password age to zero?

Re: Adding users with trusted systems

Bill Hassell — Tue, 27 Jan 2004 10:10:53 GMT

/usr/lbin/modprpw -e user_login_name

The man page is missing on 11.0 and earlier systems but it's there for 11.11 and later. Get a copy from docs.hp.com (and also get getprpw, lots of useful info)

Re: Adding users with trusted systems

Bill Hassell — Tue, 27 Jan 2004 10:14:30 GMT

Almost forgot: using su to login to an expired account will give you that exact behavior. You must login normally (ssh or telnet) to change the password.