HPE Community
Operating System - HP-UX
1855749 Members
4319 Online
104103 Solutions
New Discussion

Encrypted Password Propagation! Please Help!

 
Smucker
Regular Advisor

‎05-14-2003 11:25 AM

‎05-14-2003 11:25 AM

Encrypted Password Propagation! Please Help!

I need to write a scrip that searches the passwd file line by line for users in a specific group, and with a restricted shell. When found, the script needs to copy the encrypted passwords and propagate them to four other servers. I will be writing this script in ksh. I was hoping some insight might be shared on how I might go about starting this, or any ideas on how I might accomplish this! The plan is to auto run this script once a day/week/month.

Many Thanks,

SEW
0 Kudos
Reply
7 REPLIES 7
John Meissner
Esteemed Contributor

‎05-14-2003 11:28 AM

‎05-14-2003 11:28 AM

Re: Encrypted Password Propagation! Please Help!

have you made an attempt at this yet? just curious what you have so far.

Another program you will need to propogate this is "expect"


http://expect.nist.gov/

Which will allow you to create a script to ftp the files out... then telnet out the the servers and automatically edit the password files. as for the rest I can lend a hand - but wasn't sure if you had anything already done or not. - usually in a post like this we like the poster to attach his work to date.
All paths lead to destiny
0 Kudos
Reply
John Meissner
Esteemed Contributor

‎05-14-2003 11:33 AM

‎05-14-2003 11:33 AM

Re: Encrypted Password Propagation! Please Help!

You could also look into NIS+ or ldap. or is won't this work for you purposes?
All paths lead to destiny
0 Kudos
Reply
Smucker
Regular Advisor

‎05-14-2003 11:40 AM

‎05-14-2003 11:40 AM

Re: Encrypted Password Propagation! Please Help!

No, NIS/NIS+ and LDAP are not options! I don't have anything yet. I am in the early stages of planning! I want to run the script as a batch during off hours!
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎05-14-2003 12:49 PM

‎05-14-2003 12:49 PM

Re: Encrypted Password Propagation! Please Help!

Had a situation awhile back where I had to a mass password change to specific users. The criteria here to identify was that all the userid's were in caps (you can modify for your use).
I took my extra login account and changed the password. Then I did a cut&past on the encrypted p/w and put it in the attached script.
Hope it helps, or gives you some ideas...

Rgrds,
Rita
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎05-14-2003 12:51 PM

‎05-14-2003 12:51 PM

Re: Encrypted Password Propagation! Please Help!

Had a situation awhile back where I had to a mass password change to specific users. The criteria here to identify was that all the userid's were in caps (you can modify for your use).
I took my extra login account and changed the password. Then I did a cut&past on the encrypted p/w and put it in the attached script.
Hope it helps, or gives you some ideas...

Rgrds,
Rita
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎05-14-2003 12:52 PM

‎05-14-2003 12:52 PM

Re: Encrypted Password Propagation! Please Help!

A couple of questions:

Are you replacing the /etc/passwd file, appending records to it, or updating some entries in the file?

Do you have ssh installed. This will make moving files and running remote commands much easier and more secure that depending on rsh and friends.

You can extract the records using a simple awk command, like:

awk -F: '{if ($4 = 20) if ($7 != "/usr/bin/rksh") print }' /etc/passwd | tr " " ":"

and save them off into a file. What to do after that depends on how you plan on updating the password file on the other servers.
0 Kudos
Reply
Smucker
Regular Advisor

‎05-15-2003 05:55 AM

‎05-15-2003 05:55 AM

Re: Encrypted Password Propagation! Please Help!

Bill,

I do not have ssh istalled. The script will replace the encrypted password field in the passwd file on the desired servers with the encrypted password matching the criteria in which the script is running on.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.