HPE Community
Operating System - HP-UX
1756181 Members
3134 Online
108842 Solutions
New Discussion юеВ

non interactive passwd change

 
Richard_115
Frequent Advisor

тАО05-20-2003 07:18 AM

тАО05-20-2003 07:18 AM

non interactive passwd change

How can I change a passwd non-interactively ??
Any idea
0 Kudos
Reply
6 REPLIES 6
Shannon Petry
Honored Contributor

тАО05-20-2003 07:22 AM

тАО05-20-2003 07:22 AM

Re: non interactive passwd change

You need to get expect to do this. http://hpux.cs.utah.edu/ is a great place to download it.

Expect is an advanced scripting language, made for jobs like this ;)

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

тАО05-20-2003 07:30 AM

тАО05-20-2003 07:30 AM

Re: non interactive passwd change

expect is the tool you need
it is a scrip language based on TCL and makes this jobs very easy and robust.

SEE:
http://expect.nist.gov/


Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
Jairo Campana
Trusted Contributor

тАО05-20-2003 07:31 AM

тАО05-20-2003 07:31 AM

Re: non interactive passwd change

I send script attach :C code to non-interactively change a user's password
There currently is no command that will accept a username and password as arguments and change the user's password. However, this can be done programatically.
The following code is unsupported. However, this code should be used as an example, and should not to be taken as warranty that it is free from all defects.

Here is some C code that may be used to programmatically change a user's password on a non-trusted system. The major challenge with this is reading from the "/etc/passwd" file and modifying just one field of one line of that file.


The above two programs should be compiled and must be executed as the "root" user in order to access the non-trusted "/etc/passwd" file or trusted user's password information file.
The above programs may be modified to not accept two arguments, but instead accept just one argument as the password and have the code execute a getuid(2) to get the user id of the user executing the code, then run getpwuid(3C) to get the user's name, and act upon that user's information. For example:


:
strcpy(username, getpwuid(getuid())->pw_name);
strcpy(password, argv[1]);
:
Note: The argument count should also be modified to accept only one argument if this modification is used.
In order for this resulting executable (from the code which accepts just a password and no username argument) to be effectively used by users, the executable should be owned by root and have the setuid bit set, so it effectively runs as root.

legionx
0 Kudos
Reply
Stuart Abramson_2
Honored Contributor

тАО05-20-2003 07:40 AM

тАО05-20-2003 07:40 AM

Re: non interactive passwd change

You can edit the /etc/passwd file directly, but be careful.

Change a passwd on system A and save the new passwd field. make sure that you know the new password value.

testdl1:RsC1T4xi7BQzo:113:20:test dl 1,,,:/home/testdl1:/usr/bin/sh

. cp /etc/passwd /etc/passwd.save.
. Use sed or cut to replace the field in the target passwd file to the new value in the new passwd file.
. copy the new passwd file back onto the old passwd file.

Passwords created on any hp-ux system are good on any other hp-ux system even though they may look different. If "dog" translates to "RsC1T4xi7BQzo" on system A, then "RsC1T4xi7BQzo" will crack back to "dog" on any other system.
0 Kudos
Reply
doug hosking
Esteemed Contributor

тАО05-22-2003 11:47 AM

тАО05-22-2003 11:47 AM

Re: non interactive passwd change

Jairo, your trusted system code has a few ticking time bombs in it. I unfortunately don't have time today to go into details on each of them but one that leaps out at me is that you should be using bigcrypt() instead of crypt() on a trusted system (and adjusting the size of your password buffers accordingly). This is because on HP trusted systems passwords can be much longer than on standard UNIX systems. (See AUTH_MAX_PASSWD_LENGTH and adjacent defines in prot.h and the bigcrypt man page.)

As others have noted, expect is a good way to deal with this problem.

0 Kudos
Reply
doug hosking
Esteemed Contributor

тАО05-22-2003 11:50 AM

тАО05-22-2003 11:50 AM

Re: non interactive passwd change

One other caveat with these solutions is that the standard UNIX utilities honor a locking protocol when changing passwords. Programs that just do simple renames, etc. will often work but may lose changes when multiple people are editing /etc/passwd simultaneously.
See lckpwdf(3C), for example.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.