Re: Multiple user password change

Jakes Louw · ‎09-30-2003

Hi all
I'd be the first to admit that I'm not a good scripter, in fact I try an get by with the least script writing possible (I grew up on mainframes, and UNIX scripting has just never clicked with me).
Anyway: I often need to change multiple user passwords at a time, sometimes up to 30. These are usually for classrooms, testing, sandbox groups, etc, so we usually set the password to a generic and let the user change it again later.
Do any of you have a nifty way of feeding PASSWD a password?
I would normally have to do a "for x in a b c d ....do..passwd $x...done" and then go the whole laborious hog of picking a password type (Trusted converted server), then a password and confirmation.
Any ideas?

Trying is the first step to failure - Homer Simpson

Thierry Poels_1 · ‎09-30-2003

hi,

if you want to set a password for a group of people you will need to combine "passwd" with "expect".

But as you mentioned classrooms, testing, sandbox, ... maybe you can just remove the passwords?

passwd -d -f username : to delete password and force a new one at next logon.

passwd -l username : to lock accounts when not needed.

good luck,
Thierry.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.

Jakes Louw · ‎09-30-2003

Hi Thierry

I'll play with the the -d -l options, maybe that's what could work in most cases.
Explain the "expect" thing to me?

Trying is the first step to failure - Homer Simpson

Thierry Poels_1 · ‎09-30-2003

expect is a program that talks to other interactive programs. You can script it to wait for "New password:" and "Re-enter new password:" and send the new password accordingly.

If you browse around (ITRC, google) you will probably find some examples.

best regards,
Thierry.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.

Jakes Louw · ‎09-30-2003

Thanks. You get some more points for that ;->

Trying is the first step to failure - Homer Simpson

Thierry Poels_1 · ‎09-30-2003

hi again,

BTW if the users are named more or less equal, you can shorten the script a lot, and don't have to bother if users are added.

instead of "for x in a b c d e ........"

for x in $(grep "Classroom Student" /etc/passwd |cud -d":" -f1)
do
...
done

regards,
Thierry.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.

Myles McManus · ‎09-30-2003

Keep these users at the end of the passwd file. Keep a seperate text file with the default users settings like this:
name:passwdstring:gid:uid
name2:passwdstring:gid:uid
name3:passwdstring:gid:uid

etc.

As long as the passwd string is the same. then the passwd will be too. You can just paste this onto the end of /etc/passwd whenever you need 20 temporary users or so. If they are temp users then its ok to give them logins like login1, login2 etc. And there's no real reason why they can't be re-used.

There's no place like $HOME.

Jakes Louw · ‎09-30-2003

Hi Myles
That doesn't work very well once the server is trusted.

Trying is the first step to failure - Homer Simpson

Rita C Workman · ‎09-30-2003

I needed to something similar awhile back and with the help of a great guy from HP, we got this script worked out.
In my case key was that all the users had login names as 'all caps', but you could change it to whatever will work for you...

Hope it helps,
Rgrds,
Rita

Rita C Workman · ‎09-30-2003

Hmmm...just tried to check and make sure the attachment is ok, but for some reason I can't open it from above. Maybe you can.
Just in case here's the script again:

#!/bin/sh
#
#
########################
# This script is to mass change
# passwords and set account
# to force user to change p/w
# at next login..
# Written by Sven Liessem HP.com
# and Rita Workman
# May, 2002
#
# YOU MUST FIRST GET THE
# ENCRYPTED PASSWORD VALUE
# FOR NEWPASS VALUE
#
#
# I run this script and output
# to another file & then
# lay file over /etc/passwd
# ex: ./scripts/passwd_mass_chg.sh > /etc/passwd.new
#########################
newpass="d.Cm86XRE3oH6,3..."
cat /etc/passwd | while read line
do
echo $line | grep -q '^[A-Z][A-Z]*:[^:]*,3\.\.\.:'
if [ $? -eq 0 ]
then
usrname=`echo $line | cut -d: -f1`
therest=`echo $line | cut -d: -f 3-`
echo $usrname:$newpass:$therest
else
echo $line
fi
done

Rgrds,
Rita

Jun Zhang_4 · ‎10-02-2003

I use perl module Authen-PAM. Creating a thousand users and change the passwords is just a matter of a few minutes. The following url is an introduction to it,
http://www.cs.kuleuven.ac.be/~pelov/pam/Authen/PAM/FAQ.html

Jun

Food lover

Jakes Louw · ‎01-13-2004

Just a final point on this:

after looking at expect, and struggling with finding the right version of TCL/TK, we finally just opted for forcing a disable/re-entry of the specified users' password using "passwd -f".

Thanks to whomever suggested this as an alternative.

Trying is the first step to failure - Homer Simpson

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Multiple user password change

Multiple user password change