HPE Community
Operating System - HP-UX
1823381 Members
3179 Online
109654 Solutions
New Discussion юеВ

SAM, TCB & Changing a users Password

 
Ivan A. Marshall
Occasional Contributor

тАО04-10-2001 11:54 AM

тАО04-10-2001 11:54 AM

SAM, TCB & Changing a users Password

Right ... I am needing some help guys ....

I have a little problem when using SAM to add a new user ...

1. I add the user
2. I get a password for the user from SAM/TCB.
3. I have to then find the user, and Modify the password to a standard new password (something like newpassword)
4. And then manually tell SAM to set the expiration to now (so the user will have to change the password).

Now I managed to script a part of SAM to expire the password staright after I created the account (using the POST conditions), but I can not find a way to automate the change of password.

I have to go find the user (I have over a 1000), and then manually change. Or I have to go out into shell and run passwd.

I tried running passwd in the POST condition script, but that just hangs SAM.

I know it doesn't seem like much, but when you have to create 200 users it gets very tiring.

Is there any way that I can use a command (without interaction) to create a new password??

Or, Is there a setting that will tell SAM to let me pick the password at creation (not the Security Setting "Let User decide" , because that still gives me the SAM generated password) ...??

HELP ... HELP
NT sucks ... Let Mac rule the world
0 Kudos
Reply
6 REPLIES 6
Jim Moffitt_1
Valued Contributor

тАО04-10-2001 12:14 PM

тАО04-10-2001 12:14 PM

Re: SAM, TCB & Changing a users Password

Ivan, when you're creating the user there is an option called Modify password options. This option allows you to a) leave the password with no restrictions(this is the default), b) force password change at next login, c) allow only super user to change password or d) enable password aging.
on the command line you can also force password change at next login by typing:
passwd -f username

Hope this helps.

Jim Moffitt
0 Kudos
Reply
Ivan A. Marshall
Occasional Contributor

тАО04-10-2001 12:20 PM

тАО04-10-2001 12:20 PM

Re: SAM, TCB & Changing a users Password

Nope ...

You are talking about normal systems ...

Not TCB ...

Anyone else ....??
NT sucks ... Let Mac rule the world
0 Kudos
Reply
Bob Hochstetler
New Member

тАО04-11-2001 05:41 AM

тАО04-11-2001 05:41 AM

Re: SAM, TCB & Changing a users Password

The modprpw command (/usr/lbin/modprpw) may be of some use on a trusted system. I believe it is still unsupported but I found a manpage through searching the IT resource center. It allows a "-w" option to supply an encrypted password for a user. I have not used this feature however.
0 Kudos
Reply
Ivan A. Marshall
Occasional Contributor

тАО04-11-2001 05:55 AM

тАО04-11-2001 05:55 AM

Re: SAM, TCB & Changing a users Password

OK .. I know of modprpw ....

But I can not find reference to a -w on the HP web site ....

So I can supply a password in normal text ...

e.g. modprpw -w testpassword

????
NT sucks ... Let Mac rule the world
0 Kudos
Reply
Jim Moffitt_1
Valued Contributor

тАО04-12-2001 11:44 AM

тАО04-12-2001 11:44 AM

Re: SAM, TCB & Changing a users Password

I just found a man page for you from this question today. Hope it's helpful.


http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xe505a22d6d27d5118fef0090279cd0f9,00.html
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

тАО04-12-2001 12:29 PM

тАО04-12-2001 12:29 PM

Re: SAM, TCB & Changing a users Password

Unfortunately, supported HP-UX mechanisms make the task of adding a user w/o operator intervention (i.e. totally by script) are virtually non-existant.

To accomplish your task, you'll want to sharpen up your C pencil.

Depending on the options you chose for Trusted HP-UX, we've done something like

/usr/sam/lbin/useradd.sam -g -d /home/ -c "" -s/usr/bin/ -p "" -o -u

where password is an already crypted password returned by C's crypt() function. In our setup, we also had to "activate" the account by making the password's last changed date current, so that the user isn't prompted to change their password during login. Here's a snippet of code that did the trick:

localpr_passwdent=*mypr_passwdent;
localpr_passwdent.ufld.fd_schange=time(NULL);
localpr_passwdent.uflg.fg_schange=1;
if (putprpwnam(localpr_passwdent.ufld.fd_name, &localpr_passwdent)==0) {
printf("activate: password modify failed\n");
}

Note, if you extract existing passwords from the TCB of one host to bulk build accounts on another host, you don't need the crypt function. The passwords are already crypted.

We used a C program to extract the old account information into a tab delimited file. Then we used a script in conjunction with the "activate" code to set up the accounts on the new system.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.