HPE Community
Operating System - HP-UX
1837896 Members
3459 Online
110122 Solutions
New Discussion

Another scripting question

 
SOLVED
Go to solution
Steve Sauve
Frequent Advisor

‎09-19-2000 10:09 AM

‎09-19-2000 10:09 AM

Another scripting question

Hello all,
I'm putting together a script to create users (either from input or from a file). The last hitch I've run into is how to set the password. I have it creating the actual password, but I'm not sure how to get it into the /etc/passwd file. I figure there are two ways, first the passwd command (in some form) and second the crypt command (which I haven't really used before). Does anyone have any thoughts? I could just spit the password up on the screen, have the passwd command execute and have the operator type it in twice, but this would just add the human error element to it and would slow down the processing of a list of people.

Thanks,
Steve
0 Kudos
Reply
10 REPLIES 10
James Odak
Valued Contributor

‎09-19-2000 10:45 AM

‎09-19-2000 10:45 AM

Re: Another scripting question

i've worked on a bunch of platforms
so im not sure this is true for HP-UX or not
but from what i've seen the passwd command is one of those that will not work in a script .... the only work around i've seen is to use an option to defer the password and have it set upon the first login attempt

and i have never done that on HP-UX ...(was with a SCO system)


jim
0 Kudos
Reply
John Palmer
Honored Contributor

‎09-19-2000 10:46 AM

‎09-19-2000 10:46 AM

Re: Another scripting question

Amongst several other options are:-

Install 'expect' so that you can control the 'passwd' command.

Write a C program to call 'crypt' (I think not the crypt command) to encrypt the password or use a known encrypted 'initial' password that the user has to change when they first log in. If you are generating records to be appended to /etc/passwd then this encrypted string can be included in the record at that stage.

0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎09-19-2000 10:49 AM

‎09-19-2000 10:49 AM

Re: Another scripting question


Theres a couple of ways to do this;

1. Set their password in such a way as it has no password but requires the user to set their password the first time they login. Use the modprpw command.

2. Set your own password, you now know what it is, copy the encrypted string from the password file and put it into your script. You can now write this to any new password file entries and the password is set to something you already know.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Steve Sauve
Frequent Advisor

‎09-19-2000 12:31 PM

‎09-19-2000 12:31 PM

Re: Another scripting question

I appreciate the responses but they don't quite do what I'm looking for. What I need to do is create a unique password for each user. As I said I already create the password, just need to get it encrypted into the /etc/passwd file.
What is "expect"?
I looked at the encrypt command, but it seems to want a key, which tells me that it won't be properly encrypted as a password.
Any other help would be appreciated.
Thanks,
Steve
0 Kudos
Reply
Rick Garland
Honored Contributor

‎09-19-2000 12:43 PM

‎09-19-2000 12:43 PM

Re: Another scripting question

expect is another 'scripting' langauge, so is perl, awk, sed, etc.
expect works by "chatting" with the commands that you send. Example,

send passwd
expect New Password:
send
expect reenter password
send

You send a command, tell the script what to expect, it acknowledges, send the passwd.
However, in using expect the passwd you send is going to be clear. It is the passwd command that does the encrypting.
Very useful but not very secure with what you are doing.
There are some perl scripts that will do this as well.
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎09-19-2000 12:50 PM

‎09-19-2000 12:50 PM

Re: Another scripting question


I still believe you want the modprpw command. It accepts the format;

modprpw -w

Looks like this will enable you to set a users encrypted password to where string is a know password you decide on.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎09-19-2000 12:58 PM

‎09-19-2000 12:58 PM

Solution

Re: Another scripting question


Nope, my previous reply is no good, you need to pass the already encrypted password to it which is not what you want.

However, ive found a link to exactly what you want, including a perl script which will do the job;

http://www.dutchworks.nl/htbin/hpsysadmin?h=3&dn=44860&q=generating%20passwords&fh
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
RikTytgat
Honored Contributor

‎09-19-2000 01:04 PM

‎09-19-2000 01:04 PM

Re: Another scripting question

Hi,

What you are trying to do is not possible with the crypt command.

You should use the crypt library call (crypt(3)).

I attached a small C-program that 'crypts' the first argument on the commandline into a format to be used in the passwd file.

Hope this helps,
Rik.
Reply
Lawrence Mahan
Frequent Advisor

‎09-19-2000 05:10 PM

‎09-19-2000 05:10 PM

Re: Another scripting question

You can find expect here:

http://expect.nist.gov/

You will need to install tcl tk and expect to get expect to run.

This is the command line to use the passwd feature of expect.

/opt/expect/bin/expect /opt/expect/bin/autopasswd 'loginuser' 'password'

This will set the password for the 'loginuser' to what ever 'password' is.

This works in a shell script as this is how I stage new systems with passwords inplace.
Reply
Lawrence Mahan
Frequent Advisor

‎09-19-2000 05:15 PM

‎09-19-2000 05:15 PM

Re: Another scripting question

You can find expect here:

http://expect.nist.gov/

You will need to install tcl tk and expect to get expect to run.

This is the command line to use the passwd feature of expect.

/opt/expect/bin/expect /opt/expect/bin/autopasswd 'loginuser' 'password'

This will set the password for the 'loginuser' to what ever 'password' is.

This works in a shell script as this is how I stage new systems with passwords inplace.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.