Re: Adding users with trusted systems

Travis Harp · ‎01-26-2004

I've been adding user via sam for a while now but I'm trying to develop a script to make this task less time consuming.

Does the useradd.sam command work correctly when used on a trusted system and is there anything that I need to know before going forward?

Thanks

Eagles may soar but weasels don't get sucked into jet engines.

Camel_1 · ‎01-26-2004

useradd command works the same on btoh trusted/notrusted system.

Simon

Uday_S_Ankolekar · ‎01-26-2004

/usr/sbin/useradd command should workwell with your scripts.

-USA..

Good Luck..

Hoefnix · ‎01-26-2004

just tested and useradd works in trusted system.
regards,

Peter

Darren Prior · ‎01-26-2004

Hi Travis,

The main point you should know is that it's not supported to use the useradd.sam script. It's only designed to be used internally by SAM and it's possible that it could get changed by a patch.

Please also consider assigning points to those that have given their time to help you. It's free, plus it helps others decide which answers have been useful.

regards,

Darren.

Calm down. It's only ones and zeros...

Jeff Schussele · ‎01-26-2004

Hi Travis,

As noted /usr/sbin/useradd (and /usr/sbin/groupadd as well) work the same in both envs.
Would be used as follows:

/usr/sbin/useradd -u UID -g GID -d /home/username -m -s /usr/bin/ksh -c "Comments here - maybe full name" username

The GID must exist or you'll have to create it fisrt - with groupadd if you wish.
The home dir can be wherever you normally put them & the -m states to make (create) the dir if it doesn't exist. We use the -c for full user name & affiliation (what group they're with or phone #, etc.). And of course you can give them whatever valid shell you wish or they want.

HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Sridhar Bhaskarla · ‎01-26-2004

Hi,

Useradd is the command you should be using as pointed already.

However, with useradd you will not be able to set the password. If you have an encrypted password for the user (you can generate the encrypted password using the 'makekey' command in /usr/lib) and add it using the command

/usr/sam/lbin/usermod.sam -p abjHqL18xWq0A user

Here abjHqL18xWq0A is the encrypted password.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Mic V. · ‎01-26-2004

I hacked out a C program to handle setting the password with straight useradd. It just did getpwent, etc. Wasn't too bad once I thought it out. Sorry, can't post the code.

What kind of a name is 'Wolverine'?

Bill Hassell · ‎01-26-2004

Attached is a really simple C program to generate an encrypted password. usermod.sam has not changed in several revs and still works to modify the password (whether Trusted or not) in both 11.0 and 11.11 (and 10.20 for that matter). So you can use the output of this program as the encrypted password to pass to usermod.sam

Bill Hassell, sysadmin

Travis Harp · ‎01-26-2004

Ok I'm making some good progress here thanks to everyone's help but I'm having an issue getting the password set.

I've been using makekey to get the encrypted password as suggested but when I use the usermod.sam -p it doesn't seem to take.

As a test I tried to su to one of these accounts and the password I just put in doesn't work, I've tried it unencrypted as well with no better results.

What am I doing wrong here?

Eagles may soar but weasels don't get sucked into jet engines.

Steven E. Protter · ‎01-26-2004

useradd.sam is just some internal sam program that does the same job as useradd.

use useradd, Bill Hassel's program and as they say in Siberia, "Your'e Done"

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Mic V. · ‎01-26-2004

To clarify, the program I wrote actually set the password by (carefully!) modifying the passwd file once the account had been created.

What kind of a name is 'Wolverine'?

Travis Harp · ‎01-26-2004

The password is now working, thanks everyone.

One last thing remains, I would like to have these accounts created with an expired password so the user is forced to change the password on first log in.

How would I go about that on the command line?

Eagles may soar but weasels don't get sucked into jet engines.

Sridhar Bhaskarla · ‎01-26-2004

Hi,

You will need to pay attention to makekey while creating the encrypted password. makekey will accept exactly 10 chars with first 8 being the password. The last two chars are called salt and they can be arbitrary. For ex., to create the encrypted password for "test1234" I would use the following

echo "test1234xy" |/usr/lib/makekey

Here xy can be anything.

Try it and it should work.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Sridhar Bhaskarla · ‎01-26-2004

Hi,

command line to force the user to change his/her password is 'passwd -f user'.

Man 'passwd' for more information.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Travis Harp · ‎01-27-2004

I'm almost there but now I'm having a problem with the accounts saying that the password is expired and it's not allowing the user to set the password.

Last successful login for : Mon Jan 26 15:31:39 CST6CDT 2004
Last unsuccessful login for : NEVER
Your password has expired.
su: Password for has expired. Choose new password and try again
su: Sorry

It's acting like the password life time has expired.

I can go into sam and reset the password age to zero and it works fine.

Is there a command line way to set the password age to zero?

Eagles may soar but weasels don't get sucked into jet engines.

Bill Hassell · ‎01-27-2004

/usr/lbin/modprpw -e user_login_name

The man page is missing on 11.0 and earlier systems but it's there for 11.11 and later. Get a copy from docs.hp.com (and also get getprpw, lots of useful info)

Bill Hassell, sysadmin

Bill Hassell · ‎01-27-2004

Almost forgot: using su to login to an expired account will give you that exact behavior. You must login normally (ssh or telnet) to change the password.

Bill Hassell, sysadmin

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Adding users with trusted systems

Adding users with trusted systems