HPE Community
Operating System - HP-UX
1751883 Members
5635 Online
108783 Solutions
New Discussion юеВ

Changing password in a trusted system from a remote system

 
SOLVED
Go to solution
sathish kannan
Valued Contributor

тАО06-03-2003 10:01 PM

тАО06-03-2003 10:01 PM

Changing password in a trusted system from a remote system

Hi All,
We are running HP 10.20 and 11.00 systems in HP trusted domain environment. Now I need to create users in applcation server and database server aswell (application requirement). Currently I am adding users by a scripts on both servers indivisually. Now I need to consolidate to one server. Now my question is ,
How do we change or set a user's password from a remote system.? I have tried copying tcb file but it doesn't work. Your help is much appreciated.
Thanks to all in advance.

Regards
Sathish
Don't Think too much
0 Kudos
9 REPLIES 9
Rajesh G. Ghone
Regular Advisor

тАО06-03-2003 10:17 PM

тАО06-03-2003 10:17 PM

Re: Changing password in a trusted system from a remote system

Hi Satish,
I dont know weather copying tcb directory will help you or not,but you can try giving command
#/usr/lbin/modprpw -k command to change the password.

Regards,
Rajesh G.
Rajesh Ghone
0 Kudos
Steven E. Protter
Exalted Contributor

тАО06-03-2003 10:18 PM

тАО06-03-2003 10:18 PM

Re: Changing password in a trusted system from a remote system

On non-trusted systems there is a way to magically move users and their passwords from one system to another. We had a consultant do it and I specifically never bothered to learn how. I want the users to know they a on a new system.

How I do it now that I'm in a trusted environment is I use useradd username

Then as root I change the password with a passwd command.

passwd username

I usually set the password to Change1 or the username1 depending on management policy at the time.

I then set the id to expire in seven days if its not used(forget the command, its at work, I'm not) and then passwd -f username so the first successful login forces a password change.

Our system is not elegant, its efficient.

I recommend against the /tcb copy attempt, I think trusted systems are designed to defeat this.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Christian Gebhardt
Honored Contributor

тАО06-03-2003 10:19 PM

тАО06-03-2003 10:19 PM

Re: Changing password in a trusted system from a remote system

Hi

it is possible to copy tcb-files from one system to another:

- create group in /etc/group (if necessary)
- create user in /etc/passwd on new system (same uid/gid/home/ ...)
- copy tcb-file from old-system to new-system (permission 664)

it works.

It is possible that this doesen't work with 10.20 to 11.00, I cannot test it because we do not have 10.20 anymore.

Chris
0 Kudos
sathish kannan
Valued Contributor

тАО06-03-2003 10:56 PM

тАО06-03-2003 10:56 PM

Re: Changing password in a trusted system from a remote system

Hi All,
Rajesh - I hope /usr/lbin/modprpw -k USERNAME --> will reactivate the account and not to change the password for a user. I have tried this option and didn't help me.

Chris,
What I want to do is to set user password from a remote system like using remsh or rlogin. So that I can use different password.

If my question was not clear I will do it again,
How to set / change users password in a trusted system from a remote trusted system ?

Regards
Sathish
Don't Think too much
0 Kudos
Christian Gebhardt
Honored Contributor

тАО06-03-2003 11:14 PM

тАО06-03-2003 11:14 PM

Solution

Re: Changing password in a trusted system from a remote system

Hi

you can replace password-string in the tcb-file:

cp /tcb/files/auth/u/user /tcb/files/auth/u/user.bak
sed 's/:u_pwd=.*:/:u_pwd=:/' /tcb/files/auth/u/user.bak > /tcb/files/auth/u/user

To avoid problems with quoting write this commands in a script, scp/ftp/rcp this script to the machine and try
ssh/remsh <script>

You can create different passwordstrings on your primary-system, by simply use passwd-command and copy the string from /etc/passwd or tcb-files

Hope this helps

Chris
0 Kudos
Kiran Kumar Aekabote
Frequent Advisor

тАО06-04-2003 01:17 AM

тАО06-04-2003 01:17 AM

Re: Changing password in a trusted system from a remote system

Hi Sathish,

U have to run the SAM on remote system or remsh sam on remote host.
U don't have any other option to change the login/passwd on a trusted system.

Good Luck
Kiran
You Just can't beat ME
0 Kudos
Darren Prior
Honored Contributor

тАО06-04-2003 02:40 AM

тАО06-04-2003 02:40 AM

Re: Changing password in a trusted system from a remote system

Hi Sathish,

I'm not aware of a method to remotely change passwords as you suggest. You won't be able to use NIS as it isn't supported on 10.20 trusted systems (but don't forget that HP will be ending support for 10.20 at the end of this month.) Here are the options as I see it:

1) remsh and use passwd on the remote system manually.

2) run passwd on the local system for a dummy user, then copy the u_pwd line from their tcb file and replace the existing u_pwd entry for the user on the remote system.

Be aware that manually editing the tcb files is not considered to be a good idea, it's easy to make mistakes. It's also a good idea to run authck -pv before you start to check the health of your tcb files.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
sathish kannan
Valued Contributor

тАО06-09-2003 08:50 PM

тАО06-09-2003 08:50 PM

Re: Changing password in a trusted system from a remote system

Hi All,
Chris and Darren's mwthod worked quite well. As said we can't change password by using "remsh", I set a default password on local machine and replace u_pwd string with that default password string and it works well.

Chris and Darren, Thanks for your help and full points being given to you guys.

Regards
Sathish
Don't Think too much
0 Kudos
sathish kannan
Valued Contributor

тАО09-19-2006 09:56 PM

тАО09-19-2006 09:56 PM

Re: Changing password in a trusted system from a remote system

thanks for your help guys.
Don't Think too much
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.