
Re: passwd

 
Constantine_1
Occasional Advisor

passwd

When a new account is set,
users receive the default password.
How can I check that the password was changed?
We don't have a trusted server setup and no ageing on our machines.
live and learn every day
14 REPLIES 14
Constantine_1
Occasional Advisor

Re: passwd

And how will I make sure that the user is not using the same default password?
live and learn every day
Steven E. Protter
Exalted Contributor

Re: passwd

passwd -sa
will provide you some data.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Leif Halvarsson_2
Honored Contributor

Re: passwd

Hi,
You can force the user to change password at next login. Check the password option in SAM/Accounts for Users and Groups.
Steven E. Protter
Exalted Contributor

Re: passwd

passwd -f

Will force the user to change the default password at first login.

SEP
Mark Grant
Honored Contributor

Re: passwd

You could copy the passwd file and compare it with "diff" to the real one from time to time.

However, if you put ",M0" at the end of the encrypted password for the user in /etc/passwd, they will be forced to change their password when they first use it but it won't force them to change it again later. In other words, it doesn't implement password aging but does ensure that the original password gets changed.
Never precede any demonstration with anything more predictive than "watch this"
Umapathy S
Honored Contributor

Re: passwd

Constantine,

In SAM, create the user account with the option "Force passwd change at next login" under Set Password options.


HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
A. Clay Stephenson
Acclaimed Contributor

Re: passwd

This is a bit tricky given that a user could change his password back to the default value, but there is a way to do this rather easily, and in fact (given that a user could revert to the default password) it should be done for all users periodically.

I would use Perl to extract all users from the passwd file and then call getpwnam() to get the hashed passwd, extract the 1st 2 chars of this field and this becomes the 'salt' value. Now call crypt() using your default password and the $salt value and if that hash matches the hashed passwd found in /etc/passwd then the user is using the default passwd.

Very easy Perl script.
If it ain't broke, I can fix that.
GK_5
Regular Advisor

Re: passwd

passwd -f loginname will force the user to change the passwd at next login
IT is great!
Constantine_1
Occasional Advisor

Re: passwd

Forcing the users to change the password, that's not a problem.
Finding who should change it, that is a problem.

Any ideas how I can take the default password and compare it to what users have?


live and learn every day
Jayan_2
Advisor

Re: passwd

Dear ,


Look directly at the /etc/passwd file.

regards
Jayan
Work whole souled so as to god
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: passwd

Okay, here is a 2 minute Perl example:

#!/usr/bin/perl -w

use strict;

use constant MIN_UID => 101; # no need to check values below this
use constant DEFAULT_PW => "secret";

my ($name,$passwd,$uid);

setpwent();
while (($name,$passwd,$uid) = getpwent())
  {
    if ($uid >= MIN_UID)
      {
        # the first 2 chars of the stored hash are the salt
        my $salt = substr($passwd,0,2);
        # re-hash the default password with this user's own salt
        my $hash = crypt(DEFAULT_PW,$salt);
        # crypt() can return undef for an invalid salt (e.g. a locked entry)
        if (defined($hash) && $hash eq $passwd)
          {
            printf("User %s (UID %d) is using the default passwd %s\n",
                   $name,$uid,DEFAULT_PW);
          }
      }
  }
endpwent();

Just set the DEFAULT_PW constant to your value and it will work. It will even work with NIS/NIS+ or plain /etc/passwd.


If it ain't broke, I can fix that.
Leif Halvarsson_2
Honored Contributor

Re: passwd

Hi,
Copy the crypted default passwd from the password file, in my example it is "sNiloRtBTvMzI".

awk 'BEGIN { FS=":" } $2 == "sNiloRtBTvMzI" { print }' /etc/passwd
A. Clay Stephenson
Acclaimed Contributor

Re: passwd

Unfortunately, Leif's approach is not very robust because the user could change the passwd back to the default value using the passwd command and because a new "salt" value would be randomly chosen the values would compare differently even though the plaintext passwds are identical. You really have to extract the "salt" from the passwd field and run it through crypt and compare that result to the original.
If it ain't broke, I can fix that.
Leif Halvarsson_2
Honored Contributor

Re: passwd

Hi,
Yes, I discovered that. Sorry, it was not a good solution.
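
The salt point discussed in this thread, as an added example that is not part of any poster's code: it builds constructed passwd-format lines at run time and compares a fixed-hash match (the awk approach) with re-hashing under each entry's own salt, also stripping an aging suffix such as ",M0". The function name `users_with_default`, the sample accounts and the salts are assumptions made for illustration, and it assumes the platform's crypt() still supports traditional two-character-salt hashes.

```perl
#!/usr/bin/perl
# Added example: fixed-hash matching vs. re-hashing with each entry's salt.
use strict;
use warnings;

use constant DEFAULT_PW => "secret";   # placeholder default password

# Return the account names in passwd-format lines whose password is $default.
# (hypothetical helper, not from the thread)
sub users_with_default {
    my ($default, @lines) = @_;
    my @hits;
    for my $line (@lines) {
        my ($name, $field) = split /:/, $line;
        next unless defined $field;
        # Drop password-aging data such as ",M0" that follows the hash.
        (my $stored = $field) =~ s/,.*$//;
        # Empty, locked ("*") or malformed fields cannot match:
        # a traditional crypt() hash is 2 salt chars + 11 hash chars.
        next unless length($stored) == 13;
        my $hash = crypt($default, substr($stored, 0, 2));
        push @hits, $name if defined $hash && $hash eq $stored;
    }
    return @hits;
}

# Constructed sample data: hashes are generated here, not taken from a real system.
my @sample = (
    "alice:" . crypt(DEFAULT_PW, "sN") . ":101:20::/home/alice:/usr/bin/sh",
    # bob set the default password again, so he has a different salt,
    # and his entry carries an aging suffix
    "bob:"   . crypt(DEFAULT_PW, "Qx") . ",M0:102:20::/home/bob:/usr/bin/sh",
    "carol:" . crypt("changed1", "a7") . ":103:20::/home/carol:/usr/bin/sh",
    "dave:*:104:20::/home/dave:/usr/bin/sh",   # locked account
);

# Fixed-string comparison against one copied hash (what the awk line does).
my $copied = crypt(DEFAULT_PW, "sN");
my @fixed  = map  { (split /:/)[0] }
             grep { (split /:/)[1] eq $copied } @sample;

# Re-hash the default password with each entry's own salt.
my @salted = users_with_default(DEFAULT_PW, @sample);

print "fixed-hash match: @fixed\n";
print "salt re-hash:     @salted\n";
```

The fixed-hash list contains only the account whose salt happens to match the copied hash, while the salt re-hash list contains every account currently set to the default password.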