HPE Community
Operating System - HP-UX
1834492 Members
2715 Online
110067 Solutions
New Discussion

I need a korn shell script to assign passwords

 
Weary in West Chester
Advisor

‎08-28-2002 11:03 AM

‎08-28-2002 11:03 AM

I need a korn shell script to assign passwords

Has anyone ever run a script to change/assign a bunch of passwords? I am trying to automate a process to set up a large number of users ranging from 1 to a 1000 with a similar uid (ie. user1, user2, ... user1000, etc) and assign the same password to each account. I am doing this on an AIX system with the mkuser command - this sets up the user account without a password. I then have to run passwd against each account to assign a password. What I can't seem to automate is assigning the password since it has to be entered twice like on HP-UX. If it only had to be enetered once, I think I could do it with the echo command and piping the password into the passwd command, but entering it twice, that's my problem. Any ideas? Your help is much appreciated. Thank you.
0 Kudos
Reply
7 REPLIES 7
James R. Ferguson
Acclaimed Contributor

‎08-28-2002 11:21 AM

‎08-28-2002 11:21 AM

Re: I need a korn shell script to assign passwords

Hi:

You can do something like this:

...make a dummy account and encrypt a password...

# useradd -u 60000 -g 20 -s /usr/bin/false -m DUMMY

...make an encrypted password from a clear text one of your choice...

# passwd -F /tmp/passwd DUMMY
# CRYPTPASS=`awk -F: '{print $2}' /tmp/passwd`

# for USER in #...define the list...
# do
# sed /^${USER}:/"s%*%$CRYPTPASS%" /etc/passwd > /etc/passwd.new
# mv /etc/passwd.new /etc/passwd
# chmod 444 /etc/passwd
# done

Regards!

...JRF...
0 Kudos
Reply
Weary in West Chester
Advisor

‎08-28-2002 12:31 PM

‎08-28-2002 12:31 PM

Re: I need a korn shell script to assign passwords

James,

the passwd -F ... does that add the password entry into /tmp/passwd instead of etc/passwd? If this sysetm doesn't have the "-F" option, can i just copy the line from etc/passwd and put it in the tmp/passwd file manually? will this still work?

Also, what does the sed /^${USER}... do?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-28-2002 12:52 PM

‎08-28-2002 12:52 PM

Re: I need a korn shell script to assign passwords

Hi (again):

I left out one step inadvertantly. The fundamental script should look like this:

...make a dummy account and encrypt a password...

# useradd -u 60000 -g 20 -s /usr/bin/false -m DUMMY

...make an encrypted password from a clear text one of your choice...

# echo "DUMMY" > /tmp/passwd
# passwd -F /tmp/passwd DUMMY
# CRYPTPASS=`awk -F: '{print $2}' /tmp/passwd`

# for USER in #...define the list...
# do
# sed /^${USER}:/"s%*%$CRYPTPASS%" /etc/passwd > /etc/passwd.new
# mv /etc/passwd.new /etc/passwd
# chmod 444 /etc/passwd
# done

The file '/tmp/passwd' will contain an encrypted passwd suitable for extraction into '/etc/passwd'. I caputure this field in the variable CRYPTPASS.

I assume that you have backed-up your /etc/passwd file before you start.

The 'sed' command looks for the evaluated user in '/etc/passwd' anchored to the beginning of the line. Upon finding the proper line, the CRYPTPASS is substituted for the asterisk ("*") in the password field. Thus, the snippet of code I have provided assumes that the user account does *not* have a password associated with it. This could be changed to your taste.

Regards!

...JRF...
0 Kudos
Reply
Wodisch_1
Honored Contributor

‎08-28-2002 01:32 PM

‎08-28-2002 01:32 PM

Re: I need a korn shell script to assign passwords

Hi,

the approach of using "sed" (or any other editing tool) directly onto your "/etc/passwd" is VERY dangerous!
Why not use "useradd" to create (locked) accounts, and then use the original "passwd(1M)" command to assign the passwords?
The only trick is to *embrace* that "passwd username" with "expect" - get it from the "HP-UX proting archives".
MUCH save IMHO...

FWIW,
Wodisch
0 Kudos
Reply
Rod McLean
Occasional Advisor

‎08-28-2002 06:20 PM

‎08-28-2002 06:20 PM

Re: I need a korn shell script to assign passwords

If you have shadow passwords enabled, you can't edit the passwd file directly. My preference for changing passwords in a script is to use:

/usr/sam/lbin/usermod.sam -p`echo "pass1234te" |/usr/lbin/makekey` username

This uses makekey to encrypt the password pass1234 and then assigns that password to user "username".
0 Kudos
Reply
James Beamish-White
Trusted Contributor

‎08-28-2002 11:36 PM

‎08-28-2002 11:36 PM

Re: I need a korn shell script to assign passwords

Rod - thanks for that, I have been looking for a way to do that for a long time. I keep getting told to write C code using getprpwent/setprpwent - which not being a C programmer is not so easy.

But I would like to say that you *can* edit the passwd file on a trusted system, and it can contain passwords, but you need to run pwconv to convert all the non-tcb passwords into the tcb.

Cheers!
James
GARDENOFEDEN> create light
0 Kudos
Reply
Eric Buckner
Regular Advisor

‎08-29-2002 06:51 AM

‎08-29-2002 06:51 AM

Re: I need a korn shell script to assign passwords

Weary,

This is what I do in a script on HP-UX. I use this segment inside a user creation script that is on our operations menu so I don't have to add users to the system.


PASSWORD=generic
PGROUP=100
SGROUP=101,102,103
USER_NAME=$1

/usr/sam/lbin/useradd.sam -p "$(/util/Encrypt $PASSWORD 2>/dev/null)" -g $PGROUP $SGROUP -s /usr/bin/ksh -m $USER_NAME




/util/Encrypt is another shell script that does the following.

{
pwd=`pwd`
cd /util
cat > pswdconv$$.c << EO_source
main()
{
printf ("%s", crypt("$1", "dC"));
}
EO_source
cc -o pswdconv$$ pswdconv$$.c
echo `./pswdconv$$`
rm pswdconv$$ pswdconv$$.c
cd $pwd
}


Eric
Time is not a test of the truth.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.