Operating System - HP-UX
1833873 Members
2470 Online
110063 Solutions
New Discussion

Can I write script to change users passwds

 
SOLVED
Go to solution
Sushil Singh_1
Advisor

Can I write script to change users passwds

Hi all,
I was wondering if some one or if there is some way I can automate changing fo passwords. I have 34 HP machine and changing password on each of this for atleast 6 user is going to be a pain. Is there any way I can automate or write script for the above purpose
8 REPLIES 8
Ted Ellis_2
Honored Contributor

Re: Can I write script to change users passwds

would you be able / allowed to implement NIS? If security does not prevent it, you may want to consider it.... especially if a lot of the machines have the same user accounts...

I do not have a script, but am a pretty firm believer that almost everything in Unix can be scripted... no doubt some smart person out there will give you a gem
steven Burgess_2
Honored Contributor
Solution

Re: Can I write script to change users passwds

sushil

Have a look at

http://www.netsys.com/sunmgr/1997-08/msg00082.html

HTH

Steve
take your time and think things through
Brian Kinney
Frequent Advisor

Re: Can I write script to change users passwds

Here's an old fashioned way of keeping passwords synchronized (pre-NIS):

1) Tell users to only change their passwords on one host (or their changes won't work.)

2) Build a SIMPLE script to copy /etc/passwd (and /etc/shadow) to all of the hosts.

3) Build a SIMPLE script to check if the passwd file (and shadow file if necessary) has changed since the last time this script was run.

Pseudo code follows:
if (testfile exists)
diff testfile /etc/passwd
if not identical
run script from line 2
cp /etc/passwd testfile
else
cp /etc/passwd testfile
fi

4) Take script of line 3 and make it a cron job to run every 1 minute.

[ Comment: Yes, a diff running once per minute may be taxing, but geez, telling people to wait two minutes for their changes to take effect will be annoying too. I've tried the "run this script" to change your passwd, and people forget to, or know too much about UNIX and outright ignore you. ]

5) For the ultra accurate, kick off script of line 3 on every boot up of the "passwd host" in line 1.

You could edit all six accounts from one host, and in one minute after you're done - all hosts are being updated for you. Obviously, there is room for improvement, like verifying the files arrived to each host, and so on.

When you get past 40 hosts, keeping tabs on these files gets downright annoying. Consider moving to NIS or LDAP services.
"Any sufficiently advanced technology can be indistinguishable from magic" Arthur C. Clarke. My corollary - "Any advanced technology can be crushed with a sufficently large enough rock."
Christian Gebhardt
Honored Contributor

Re: Can I write script to change users passwds

If you have a trusted system passwords are located in the files

/tcb/files/auth//

e.g root-password in

/tcb/files/auth/r/root

So you have to copy the password-entry
u_pwd=
to the other machines.

I recommend not to copy the whole file to the other machines cause you will loose information such as count of unsuccessful logins, ...

Christian
Wodisch
Honored Contributor

Re: Can I write script to change users passwds

Hi,

you could use the SAM-tool from "/usr/sam/lbin/", but in case you'll get a non-HPUX-system that would not work, so I would recommend to get "expect" and use that to run interactive commands like "passwd" in a batch-oriented way under your (expect-)script's control.

HTH,
Wodisch
Anil C. Sedha
Trusted Contributor

Re: Can I write script to change users passwds

Sushil,

Simple procedures :

1) Do you have NIS. If yes, then you may have just once master copy of the passwords and remove the password entries for each user from the local system and change in /etc/nsswitch.conf

passwd nis [NOT Found] files

2) If you don't have NIS. Create a master copy of /etc/passwd on one system. Update the passwords on one system. Copy the /etc/passwd file on all other systems via a script. You may use ftp in your script to update other systems.

Regards,
Anil
If you need to learn, now is the best opportunity
Anil C. Sedha
Trusted Contributor

Re: Can I write script to change users passwds

Sushil,

Don't forget to assign points if the answers suit you. just reminding.

:-)

Regards,
Anil
If you need to learn, now is the best opportunity
Sushil Singh_1
Advisor

Re: Can I write script to change users passwds

Hi All,
Thank you all for taking interest and providing wonderful solutions.

Ted,
NIS was a good idea. But only issue was that all the machine name would have same passwords, which could have been a potential problem.

Steven,
The site u sent was right on the money, I was able get all the information and finally have a cron script doing all the work for me.

Brian,
It was a good idea to work the scripts that way, but I would need to change the password on weekly bases and cannot have the same password for atleast 13 weeks.

Christian,
Sorry, don't have trusted system yet. We are moving toward that soon.

Wodisch,
I did use expect and it worked like a charm.

Anil,
We have total of 48 machine including IMB, HP and SUN. Making /etc/passwd file for each of these machine with unique password would be more work than actually changing the password. But ur solution would have worked on lesser number of systems

Thank u all again