- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: re: logins & passwords
Operating System - HP-UX
1753544
Members
5991
Online
108795
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2007 04:11 AM
тАО10-25-2007 04:11 AM
Is it possible using modprpw/passwd to set a number of logins (10 in total) to the same password without having to go into SAM and set them manually? (I only ask - as i need to set them across 10 different servers)
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2007 04:29 AM
тАО10-25-2007 04:29 AM
Solution
Who uses SAM for this? That is for wimp. The passwd command is the only command-line utility for this but it will not do what you want on its own. It would have to be coupled to the expect command (available from any of the HP-UX Porting and Archive Centre's) to do this task. Moreover to do this from a singler place, you would have to use remsh or ssh to invoke the commands remotely on each server --- or use rdist to push the /tcb/files/auth files from one master server to the others.
I have a custom program that calls uses the getprpwnam() and putprpwnam() functions to set this and can read the plaintext passwords
from stdin and set them --- but I will not share that utility. It's not difficult to do however.
Your real problem lies in the "as I need to set then across 10 different server". You need to implement a solution that will allow you to make the changes in one place and have them take effect everywhere. Can you say LDAP? (or NIS if security is not a huge concern)
I have a custom program that calls uses the getprpwnam() and putprpwnam() functions to set this and can read the plaintext passwords
from stdin and set them --- but I will not share that utility. It's not difficult to do however.
Your real problem lies in the "as I need to set then across 10 different server". You need to implement a solution that will allow you to make the changes in one place and have them take effect everywhere. Can you say LDAP? (or NIS if security is not a huge concern)
If it ain't broke, I can fix that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-25-2007 06:34 AM
тАО10-25-2007 06:34 AM
Re: re: logins & passwords
modprpw can't change the password, only some features and limits on the current password. The passwd program is purposely non-batch to discourage plain-text passwords on command lines. The expect code will help automate sending of passwd answers, but the easiest method is to use the undocumented usermod.sam command. The syntax is:
/usr/sam/lbin/usermod.sam -p $ENCRYPTEDPW $USERNAME
where $ENCRYPTED is the encrypted password (*NOT* the plain-text password) and $USER is the user ID. There is no simple method to create the encrypted passwd so I have attached a very simple program to take a (8 character maximum) password and return the encrypted version, suitable for usermod.sam -p.
Now a 'feature' of the usermod.sam program (which located in the undocumented section of /usr) is that the -p option will immediately expire the user's account so you'll need to reset the expiration. You can use modprpw (Trusted systems only) or just use passwd (all systems):
passwd -x $MAXPW -n $MINPW $USERNAME
Set MAXPW=days for the password to live before expiring, MINPW=days to elapse before another password change is allowed.
NOTE: the /usr/lbin directory cotains 'backend' programs, those which are supported and documented. This means that the programs may change at any time (and may disappear in a future release). So use with the precaution that moduser.sam may not be around in the near future.
Bill Hassell, sysadmin
/usr/sam/lbin/usermod.sam -p $ENCRYPTEDPW $USERNAME
where $ENCRYPTED is the encrypted password (*NOT* the plain-text password) and $USER is the user ID. There is no simple method to create the encrypted passwd so I have attached a very simple program to take a (8 character maximum) password and return the encrypted version, suitable for usermod.sam -p.
Now a 'feature' of the usermod.sam program (which located in the undocumented section of /usr) is that the -p option will immediately expire the user's account so you'll need to reset the expiration. You can use modprpw (Trusted systems only) or just use passwd (all systems):
passwd -x $MAXPW -n $MINPW $USERNAME
Set MAXPW=days for the password to live before expiring, MINPW=days to elapse before another password change is allowed.
NOTE: the /usr/lbin directory cotains 'backend' programs, those which are supported and documented. This means that the programs may change at any time (and may disappear in a future release). So use with the precaution that moduser.sam may not be around in the near future.
Bill Hassell, sysadmin
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP