Re: modprpw - with SUPPLIED password

Mike_316 · ‎12-19-2002

Hey Gang,

I am trying to find a way (anyway really) to automatically change user account passwords to a specific password.

We have been using "modprpw -x" to expire an accounts password and assign a new RANDOM password. Ideally, I would love to find a way to use "modprpw" to change the password, however have the password changed to a SUPPLIED password.

I am willing to change and re-compile c code if necessary (I.E. encrypt.c, or use rsa.h, or whatever.)

It WILL NOT work to have the password changed to random and the user change the password when he/she logs in. These are accounts used by multiple people and (thus the rub) they are NOT allowed to change it (which is why we need to supply a password and have it automatically changed.)

There are a number of accounts, so changing the password manually would be a poor solution.

HELP! and thanks as always!

Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Paul Sperry · ‎12-19-2002

cat userinfo |while read line
do
USER=$(echo $line|awk '{FS=":";print $1}')
PASS=$(echo $line|awk '{FS=":";print $2}')
/usr/sam/lbin/usermod.sam -p`echo "$PASS"` $USER
done

userinfo file would look like:
user1:password1
user2:password2
.
.
.

Mike_316 · ‎12-19-2002

Hey!

Thanks for the info. Running into a snag however. We are using RSA on this box. Therefore, when I run the "/usr/sam/lbin/usermod.sam -p" command, it DOES change the password in the "/tcb/files/auth//" file...however the account cannot log in.

What appears to be happening is, when I use the "/usr/sam/lbin/usermod.sam -p" command, it appears to enter whatever I give it as the password parameter into the "/tcb/files/auth//" file verbatim...however if I use the "passwd " command (with the same password) and then check the "/tcb/files/auth//" file, it has what appears to be the encrypted version of the password entered there.

I am thinking I need to encrypt the password (according to the requirements of RSA and HPUX 11) and then offer the encrypted version of the password to the "/usr/sam/lbin/usermod.sam -p" command.

Does anyone know how to do this??

Thanks!

Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Rajeev Shukla · ‎12-19-2002

Yes mike when you use /usr/sam/lbin/usermod.sam -p username
It puts the same passwd(without encryption) into /tcb/files/auth/...username.
To get rid of this use a c program and by using crypt library you can encrypt the password and then use that in conjunction with usermod.sam.
It will definately work.
Let me know if you want that C program...I have written one.

Cheers
Rajeev

Mike_316 · ‎12-19-2002

Hey Rajeev,

Thanks for the confirmation! I woudl DEFINITELY like that C program. I have been looking all over for one, and cannot find one which will do the job.

Can you just list the code here, on the forum? I should be able to cut, paste and can compile it on my machine.

Thanks! I greatly appreciate it!!
Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Rajeev Shukla · ‎12-19-2002

Yes mike,

#include
#include
#include
char *pass;
char *s = "JQ";
char *p = "hello123"; /* The password to be set */
main()
{
/* p = getpass(); Uncomment this line if you want password to be asked */
pass = crypt(p,s);
printf("%s\n", pass);
}

This is the program when you compile it and run it gives you an encrypted password which you can either paste in /tcb...or you can use /usr/sam/lbin/usermod.sam -p username.

Note this sets the password to "hello123" but if you want to provide the password uncomment the "getpass()" line. and when u run the program it will ask you to privide password which is not echoed and then after u press enter it give you the encrypted password.

Let me know how it goes.

Rajeev

Mike_316 · ‎12-19-2002

Thanks Rajeev !!

It compiled easily. I do have one additional question, not really being a C programmer. How would I change the code to allow the unencrypted password to be passed to the compiled encryption program.

Basically, I will be writing a fully automated script which will pull a non-encrypted password out of a file, pass it to the encryption program, take the encrypted return and change the password for the account using the usermod.sam command.

Thanks again! This has been a lifesaver!

Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Mike_316 · ‎12-19-2002

P.S. When I uncomment the getpass line I get a "too few arguments for ." error. ???

Like I said, not really a C programmer.

Thanks!

Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Bill Hassell · ‎12-19-2002

Here's a simple C program that uses the command line for input and produces the encrypted password with a random seed (first 2 chars):

#include
#include

/* 1st param is the desired password */
/* A random seed (2 chars) will be */
/* automatically chosen. */
/* For good passwords: */
/* Use random chars, mixed apha- */
/* numerics and MiXeD CaSe for */
/* better protection. */

main(argc, argv)
int argc;
char *argv[];
{

char salt[3];
char *EncryptedPasswd;
int CheckRand;
int Fixup;
int SeedChar;

printf("\nUsage: pw \n\n");

/* Generate a random starting point for seed charcaters */

srand(time(NULL));
for ( SeedChar = 0; SeedChar <= 1; SeedChar++) {
CheckRand = 46 + rand() % 76; /* random number from 46 to 122 */
Fixup = 7 + rand() % 13; /* random number from 7 to 20 */
salt[SeedChar] = toascii(((CheckRand >= 58 && CheckRand <= 64) ||
(CheckRand >= 91 && CheckRand <= 96) ? CheckRand + Fixup : CheckRand));
}

EncryptedPasswd=crypt(argv[1], salt);
printf("\nRequested pw= %s, Automatic Seed= %s, encrypted pw= %s\n",
argv[1], salt, EncryptedPasswd);
}

Bill Hassell, sysadmin

Rajeev Shukla · ‎12-19-2002

Hi mike,
Sorry for the delay, i went out for friday lunch.
Here is what you probably want. Try this it should definately compile and work.

#include
#include
#include
char *pass;
char *s = "JQ";
char *p = "hello123"; /* The password to be set */
main()
{
p = getpass(); /* Uncomment this line if you want */
pass = crypt(p,s);
printf("%s\n", pass);
encrypt(pass,s);
}

Rajeev Shukla · ‎12-20-2002

Hey mike have you got your problem fixed, or still got some queries.
Please assign points if the problem is soved to people you spent their valuable time for you.

Thanks
Rajeev

Mike_316 · ‎12-20-2002

Hey Guys!

The stinker works like a charm!! Thanks! I used the longer version of the encrypt.c, only for the random seeding. I managed to incorporate it beautifully into a series of scripts that keep the security high, and allows for a huge "password seeding" file.

Thanks again!

Mike

"If we treated each person we met as if they were carrying an unspeakable burden, we might treat each other as we should" - Dale Carnegie

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: modprpw - with SUPPLIED password

modprpw - with SUPPLIED password