https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761028#M945286 Hi<BR /><BR />If you manage to get access to one server , you have access to them all via that specific id. Not that the intruder would now that the passwd's are the same. It wouldn't be hard to work out though<BR /><BR />I take it that you have .rhosts set up on each server as well ?<BR /><BR />HTH<BR /><BR />Steve Wed, 10 Jul 2002 12:47:29 GMT steven Burgess_2 2002-07-10T12:47:29Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761027#M945285 I wanted an easy way to change passwords across 17 different servers without setting up NIS. I created a script that utilizes sed to change the password field in the /etc/passwd file to the same encrypted password across all servers. What kind of security problems would this open up? It is still using the encrypted password it is just the same encrytion on each server. Wed, 10 Jul 2002 12:38:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761027#M945285 Jason Berendsen 2002-07-10T12:38:29Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761028#M945286 Hi<BR /><BR />If you manage to get access to one server , you have access to them all via that specific id. Not that the intruder would now that the passwd's are the same. It wouldn't be hard to work out though<BR /><BR />I take it that you have .rhosts set up on each server as well ?<BR /><BR />HTH<BR /><BR />Steve Wed, 10 Jul 2002 12:47:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761028#M945286 steven Burgess_2 2002-07-10T12:47:29Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761029#M945287 Yes we do have an .rhosts set up. I am aware that this is a security risk.<BR /><BR />Jason Wed, 10 Jul 2002 12:51:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761029#M945287 Jason Berendsen 2002-07-10T12:51:39Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761030#M945288 allo,<BR /><BR />I'v tried it before also with sed and aslong <BR />as your hosts.equiv &amp; .rhosts are set up well <BR />then there will be no problems. <BR />Atleast not for me a couple of month ago.<BR /><BR />GrtZZ<BR /><BR />R.Mielen Wed, 10 Jul 2002 12:52:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761030#M945288 R.Mielen 2002-07-10T12:52:02Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761031#M945289 The passwd file itself is probably no less secure. In fact, it's about at the level NIS would leave it since a 'ypcat passwd' would reveal the hashed passwd's to anyone. Your real security risk is the .rhosts and hosts.equiv that allow your remsh'ed sed commands to work. Theother risk is that your script probably create a temp file before moving back to /etc/passwd. Someone might be able to write a daemon to look for the existence of that temp file and subvert it before it is moved into final position. <BR /><BR />You should really give NIS a try. It's very easy to set up. You can even use SAM.<BR /> <BR /><BR /> Wed, 10 Jul 2002 12:52:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761031#M945289 A. Clay Stephenson 2002-07-10T12:52:31Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761032#M945290 Hi,<BR /><BR />To increase your security further, you should go for the NIS or convert your system to a trusted system using SAM.<BR /><BR />.rhosts, hosts.equiv files are security loopholes.<BR /><BR />Piyush<BR /> Wed, 10 Jul 2002 12:59:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761032#M945290 PIYUSH D. PATEL 2002-07-10T12:59:05Z https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761033#M945291 Hi<BR /><BR />Here is the doc for setting up nis<BR /><BR /><A href="http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B1031-90048/B1031-90048_top.html&amp;con=/hpux/onlinedocs/B1031-90048/00/00/20-con.html&amp;toc=/hpux/onlinedocs/B1031-90048/00/00/20-toc.html&amp;searchterms=nis&amp;queryid=20020710-084235" target="_blank">http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B1031-90048/B1031-90048_top.html&amp;con=/hpux/onlinedocs/B1031-90048/00/00/20-con.html&amp;toc=/hpux/onlinedocs/B1031-90048/00/00/20-toc.html&amp;searchterms=nis&amp;queryid=20020710-084235</A><BR /><BR />HTH<BR /><BR />Steve Wed, 10 Jul 2002 14:34:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/password-changes/m-p/2761033#M945291 steven Burgess_2 2002-07-10T14:34:22Z