
Automated root passwords

 
Mark Killen
Occasional Advisor

Hello, I am looking for suggestions. We have more than 30 HP servers and some Sun servers in our shop. It is getting harder and harder to take the time to modify the passwords on a bi-monthly basis. Also, if the password is recorded incorrectly, we end up having to crash the server to recover the password. Do any of my fellow admins know of a proven product or method of automating the root password changes of the systems?
Thanks
life is too short to work so long
3 REPLIES
Bill Hassell
Honored Contributor

Re: Automated root passwords

By using sudo and designing the sudoers file appropriately, you can eliminate the need for knowing the root password at all. Indeed, one technique for managing Unix systems is to generate a random password and change it every few minutes. Technically, setting all 30 machines to the same root password is in itself a security risk. The ideal situation is a unique (and on the surface, unrelated) password for every machine. The use of ssh between the machines is also a way to manage the systems securely without having to log in to each system with a password.


Bill Hassell, sysadmin
Alan Meyer_4
Respected Contributor

Re: Automated root passwords

A while back I wrote a Perl script to automatically modify the root passwords according to a special formula built into the script. Unfortunately, I do not have a copy of that script anymore, but I do remember that it utilized the Unix::PasswdFile module found on CPAN to access and set the password.

Hope this helps a bit.

/a/
" I may not be certified, but I am certifiable... "
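
The two replies above describe a unique, unrelated-looking password for every machine and a script that computes passwords from a formula. The following is an added example, not code from the thread or a reconstruction of the lost Perl script: it assumes HMAC-SHA256 over the host name and a rotation-period label as the formula, and the function names, host names and period label are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample host names (placeholders, not from the thread).
SAMPLE_HOSTS = ["hpux01", "hpux02", "sun01"]


def derive_root_password(master_secret, hostname, period, length=20):
    """Derive one host's root password for one rotation period.

    HMAC-SHA256 is this example's choice of formula: outputs differ per
    (hostname, period), and one host's password reveals neither another
    host's password nor the master secret.
    """
    if len(master_secret) < 32:
        raise ValueError("master secret must be at least 32 random bytes")
    if not hostname or not period or "\x00" in hostname + period:
        raise ValueError("hostname and period must be non-empty, NUL-free")
    if not 12 <= length <= 43:
        raise ValueError("length must be between 12 and 43 characters")
    # NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
    msg = hostname.lower().encode() + b"\x00" + period.encode()
    digest = hmac.new(master_secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")[:length]


def rotation_plan(master_secret, hosts, period):
    """Return {host: password} for one period, refusing duplicate outputs."""
    plan = {h: derive_root_password(master_secret, h, period) for h in hosts}
    if len(set(plan.values())) != len(plan):
        raise RuntimeError("two hosts derived the same password; check names")
    return plan


if __name__ == "__main__":
    # Demo-only secret. A real one would be os.urandom(32), kept offline:
    # whoever holds it can recompute every root password for every period.
    demo_secret = hashlib.sha256(b"constructed demo secret").digest()
    for host, pw in rotation_plan(demo_secret, SAMPLE_HOSTS, "2024-01").items():
        print(f"{host}: {pw}")
```

Because each password can be recomputed from the secret, the host name and the period label, nothing has to be written down per machine. Applying the password on each host is left to whatever tool does the change.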
Rick Garland
Honored Contributor

Re: Automated root passwords

An expect script works wonders!

You can download expect from the gatekeep.cs.utah.edu archives

Create a short script or look through Google for 'passw changes + expect'; there will be many hits.

With the expect script, you can issue a single command and it will chat to all of the systems and invoke the command.