Re: Change Password without prompting

J Ramesh Kumar · ‎04-27-2008

Hi,

I require to change an user user password without prompting. Because I need to trigger the command from my program. Currently the linux has the following option,

/usr/sbin/usermod -p

But the -p option is not available in hp-ux. Is there any way to change the password without prompting ?

Thanks in advance for your help.

Thanks,
Ramesh

OFC_EDM · ‎04-27-2008

Think you're out of luck.

Are you changing password for same user across systems?

If so, All I can think of is to change the password on one system.

Then from the program Copy there entry from the password file onto the other systems.

Provided they're using the same UID on the other systems.

Also there may be more considerations if you're using Trusted mode etc.

We do have a script here which does this for a select group. I'll see if I can find it and see if there's any hints there.

But again there is the requirment to initially answer a prompt.

----------------------
There are utilities to automatically script responses to questions from commands.

Can't think of it right now but you may be able to use on of those.

Cheers

The Devil is in the detail.

J Ramesh Kumar · ‎04-27-2008

Hi Kevin,

Thanks for the quick response. My exact requirement is, my application server will run one m/c and agent will run the hp-ux system. User can change their password from my application client. If he changes the password from the client, the server will send out the request to the agent which written in C code. The agent will trigger a command which will change the password on the hpux m/c. Please let me know, if you have any utilities for handling prompting issue.

Thanks,
Ramesh

OFC_EDM · ‎04-27-2008

I'm on it....I believe I had a script some years ago that did this. Trying to find it for you.

May not have it today though.

Cheers

The Devil is in the detail.

OFC_EDM · ‎04-27-2008

Found this old script. But it needs the product "expect" on the system.

The con is that you have to know what your prompts will be:

#!/bin/sh
# \
exec expect -f "$0" ${1+"$@"}
set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
expect "assword:"
send "$password\r"
expect "assword:"
send "$password\r"
expect eof

Usage
changepasswd username 123456

The Devil is in the detail.

OFC_EDM · ‎04-27-2008

This question has been asked before in these forums.

Here's one thread
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=598850

In the Forum search use the keywords "expect passwd" and you'll get a few more hits.

Good luck.

(If you can post your solution once done it would benefit others...oh and points are nice too :)

The Devil is in the detail.

OFC_EDM · ‎04-28-2008

You can download the expect software for HP-UX from here.

http://hpux.ece.ualberta.ca/hppd/hpux/Tcl/expect-5.43/

The Devil is in the detail.

OFC_EDM · ‎04-28-2008

There's some dependencies. So look at those and install in order.

You'll have to make sense of it by accessing the portal site I posted in my last link.

For example expect requires tcltk.

The Devil is in the detail.

CharlesC · ‎04-28-2008

Can you generate the password first then copy to the other machines through script?

#!/opt/perl/bin/perl

print "Salt code: ";
$VAR{salt}=<>; #first argument
print "Password: ";
$VAR{pass}=<>; #second argument
$VAR{pass}=crypt($VAR{pass}, $VAR{salt});
print "Result: ", $VAR{pass}, "\n";

What if...

J Ramesh Kumar · ‎04-28-2008

Hi,

Is the salt can be anything ? If the salt code is given by user, how the system interpret the /etc/passwd file. I am planing to encrypt the password and directly write to /etc/passwd file. Here, I am struggling with the salt code.

Thanks,
Ramesh

CharlesC · ‎04-28-2008

If you look at the /etc/passwd file, the salt is the first 2 letters of the encrypted password.

What if...

CharlesC · ‎04-28-2008

Supposedly the salt is generated randomly by system. On the other hand, the system doesn't care what the salt is, as long as it match with the encrypt password.

What if...

J Ramesh Kumar · ‎04-28-2008

Hi Kevin & Charles,

Thanks for your help. Since my product will be installed in many customer places, I tried to remove the dependency with 'expect' command. So I directly change the /etc/passwd file by doing the following steps,

* My agent C code encrypt the password using crypt(password,salt); function. Following link contains some information about this,

http://www.sunmanagers.org/archives/1996/0603.html

* The generated encrypted password will be passed to a script. That script will directly change the /etc/passwd file with the encrypted password. Following are the content of the script which may be helpful for others,

#!/bin/sh
echo $#
if [ $# -ne 3 ]
then
echo "Usage : sh changePassword.sh "
exit 1
fi
USER_NAME=$1
OLD_PASSWD=$2
NEW_PASSWD=$3

FILE_NAME='passwd'
FILE_FULL_PATH='/etc/passwd'

if [ ! -f $FILE_NAME.orig ]
then
cp -f $FILE_FULL_PATH $FILE_NAME.orig
fi
cp -f $FILE_FULL_PATH $FILE_NAME.bkup

OLD_LINE=`cat $FILE_FULL_PATH | grep $USER_NAME":"$OLD_PASSWD`

if [ "$OLD_LINE" != "" ]
then
OLD_DATA=`echo $OLD_LINE | cut -d ":" -f3-10`
NEW_LINE=$USER_NAME":"$NEW_PASSWD":"$OLD_DATA
cat $FILE_FULL_PATH | grep -v $USER_NAME":"$OLD_PASSWD > $FILE_NAME.tmp
echo $NEW_LINE >> $FILE_NAME.tmp
cp -f $FILE_NAME.tmp $FILE_FULL_PATH
chmod 644 $FILE_FULL_PATH
echo "Password for "$USER_NAME" has been changed successfully at "`date` >>chpwd.log
exit 0
else
echo "Could not find old entry." >>chpwd.log
exit 1
fi

Thanks,
Ramesh

J Ramesh Kumar · ‎04-29-2008

Hi,

It may not be right place to ask solaris related question. I did the same thing in solaris and it is not working. In solaris, I have modified the /etc/shadow instead of /etc/passwd. Any help ?

Thanks,
Ramesh

J Ramesh Kumar · ‎04-29-2008

The same approach working fine for solaris. Kindly ignore my previous post.

J Ramesh Kumar · ‎05-05-2008

Hi,

Finally I got a command which accepts the password as arguments. Following are the command details,

/usr/sam/lbin/usermod.sam -p

/usr/sam/lbin/usermod.sam -p "xyZz5eiXOP3r." rameshj

Is there any issue on the above command ?

Thanks,
Ramesh

Yogeeraj_1 · ‎05-05-2008

hi Ramesh,

In Hp-UX, unfortunately we only have:
usermod [-u uid [-o]] [-g group] [-G group [, group...]]
[-d dir [-m]] [-s shell] [-c comment] [-f inactive]
[-l new_logname] [-e expire] login

unline linux, solaris etc

hope this helps too!
kind regards
yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)

Yogeeraj_1 · ‎05-05-2008

Hi again,

sorry for the confusion in my previous post.

the -p option do exist when using usermod.sam

SRV2:>/usr/sam/lbin/usermod.sam
User name must be specified
Usage: usermod.sam -p -u -o -g -G , -d -m -s -c -f <inactive> -e <expire> -l <new logname> <login> >Is there any issue on the above command? Only when using the command over unsecured connections and possibilities of evesdropping also exists. There may also be the possibility of changes in the program (usermod.sam) over the next versions or patches. kind regards yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)

Bill Hassell · ‎05-05-2008

Because your code must run on several different machines and revisions, only the usermod solution will work. Otherwise, you will have to accommodate standard, Enhanced, Trusted, and shadow authentication on the different systems. Also consider that on some systems, passwords longer than 8 characters are allowed and perhaps may be required due to company standards. The -p option only exists in /usr/sam/lbin/usermod.sam but most important: the -p value must be the encrypted password, NOT what the user typed in.

The attached program will generate the encrypted password up to 8 characters long. Passwords longer than 8 characters are undefined. usermod.sam will immediately expire a new password if there is no aging provided so use passwd -o and -n to set the aging, or modprpw -v to refresh the aging.

Bill Hassell, sysadmin

William Earley · ‎10-31-2008

SAMMOD=/usr/sam/lbin/usermod.sam
MAKEKEY=/usr/lbin/makekey

read cpypwd?"enter your password again for verification: "
if [[ $cpypwd != $mypwd ]]; then
echo
echo "You have a lousy memory or you cannot type or both, try again"
else
break
fi
done
#. $mypwd needs to be 8 characters long
#. 10 <= $seed <= 23+59+10 (92)
#. so you are supplying a 2 character SEED
#. This gives you a 13 character encrpted pw
((seed=`date +%H+%M+10`))
echo "${mypwd}"${seed}|$MAKEKEY|read cryptpw
echo "We will use pw=[${mypwd}] aka $cryptpw for $loginid" >&2
rstat=`ssh $server "$SAMMOD -F -p $cryptpw $loginid; echo $?" 2>/dev/null`
if [[ $rstat -ne 0 ]]; then
echo "Password initialization failed for $loginid" >&2
fi

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Change Password without prompting

Change Password without prompting