HPE Community
Operating System - HP-UX
1833016 Members
2161 Online
110048 Solutions
New Discussion

set passwords from a script or program

 
SOLVED
Go to solution
John Kittel
Trusted Contributor

‎09-11-2003 01:42 PM

‎09-11-2003 01:42 PM

set passwords from a script or program

On a trusted system, HP-UX 11i, what is a good way to set an account password, preferably from a shell script? or, alternatively from a simple C program I could write and then call from a script? or, lastly, from a perl program?

( I thought about using expect but I had quite some difficulty getting expect installed and working so I abandoned that approach for now.)

I need to add over 500 user accounts. I have a text file listing the relevant user information, and I've written a shell script to read it and create the accounts. I'd also like to give each account a unique password, that is pre-expired so-to-speak, so that the user will have to change it during the first login. (I am able to invoke the passwd command from the script, but then I'd still have to type each password in from the keyboard, so that is not satisfactory.)


- John
0 Kudos
Reply
10 REPLIES 10
Ronelle van Niekerk
Regular Advisor

‎09-11-2003 02:04 PM

‎09-11-2003 02:04 PM

Re: set passwords from a script or program

Expect would be the best way to do this - what problems did you have installing it?

The other option is to leave the passwords blank (no passwd) for all the users and just do a passwd -f on them.
That way they'll log on without a password but will have to set one immediately.
rm -r /it/managers
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-11-2003 02:24 PM

‎09-11-2003 02:24 PM

Re: set passwords from a script or program

This script can be modified to do the job.

It reads a copy of /etc/passwd because I needed to add users from one system to another, but you can make it read a text file.

It can set the passwd, do the passwd -f anything you want.

Attached.

Origination: Pete Randall post.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
John Kittel
Trusted Contributor

‎09-11-2003 02:56 PM

‎09-11-2003 02:56 PM

Re: set passwords from a script or program

Ronelle,

I like the passwd -f suggestion and I'll probably go with that. Somehow I'd missed that possibility when looking all over the place for solutions.

problems I had with expect:

The source distributions for expect and tcl I found on the software porting and archive center for hpux looked like they required the hp ansi c compiler, which we don't have. Or, they could use gnu c, but I didn't want the hassle of trying to get gnu c working. The binary distribution for expect installed ok, but it said it required tcl 8.0p2, and when I installed the binary distribution of that and then tried an expect test program, the program blew up claining that a tcl8.3 library did not exist (duh!). It had taken me 2 days and some consternation to get to this point, so I decided to see if there was any easier way. I'm a complete novice at installing open s/w on my hpux system and was nervous at doing any of this to begin with...

- John
0 Kudos
Reply
John Kittel
Trusted Contributor

‎09-11-2003 03:03 PM

‎09-11-2003 03:03 PM

Re: set passwords from a script or program

Ronelle,

I meant to give you 6 points, but clicked the wrong place. Very sorry. I don't see how to change points once assigned, not sur eif it's possible.

- John
0 Kudos
Reply
John Kittel
Trusted Contributor

‎09-11-2003 03:11 PM

‎09-11-2003 03:11 PM

Re: set passwords from a script or program

Steven,

I don't see how your script is able to set a password in a new account...

Perhaps I'm missing something?

- John
0 Kudos
Reply
Brian Crabtree
Honored Contributor

‎09-11-2003 03:46 PM

‎09-11-2003 03:46 PM

Re: set passwords from a script or program

John,

I would recommend downloading the HP Ansi/C bundle anyway. Expect is useful to have for this sort of thing, as well as changing passwords on accounts on multiple systems. I can upload a modified passmass file that I use for this, that doesn't have all of the horrible output if you like.

Thanks,

Brian
0 Kudos
Reply
John Kittel
Trusted Contributor

‎09-11-2003 03:53 PM

‎09-11-2003 03:53 PM

Re: set passwords from a script or program

Brian,

I can get Ansi C for free? e.g. I don't have to buy a license for it? If so, I'll definitely do it.

If you don't mind, I'll take the modified passmass, even though it's possible I may not ever get around to using it; and since I haven't run the regular version before I'm not sure what horrible output you mean, but I'll take your word for that.

- John
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-11-2003 04:12 PM

‎09-11-2003 04:12 PM

Solution

Re: set passwords from a script or program

Hi John,

Expect is the better way. Believe me, I had the same issues. I adjusted quite a few things by linking/renaming directories and finally got it working.

If it is only on one system, you can probably write a shell script that will do a sed of /tcb/files/auth/(firstletter)/login and replace the encrypted password.

You can use /usr/lib/makekey routine to get the encrypted password. However, makekey will except 8 chars + last two being the salt. So, you will have to limit your password to 8 chars and add two random characters later. If you have less than 8 chars, you will need to add \0 to it to get it working. This is the easy way.

If you really want to have more than 8 char password, then you will need to incorporate 'bigcrypt' function. Compile the following C code to generate the encrypted password.

#include
#include
#include
#include
#include


main(argc,argv)
int argc;
char *argv[];
{
char *p;

p=bigcrypt(argv[1],argv[2]);


printf("%s",p);

}

It takes first argument as the password and the second argument as salt (two chars) and prints out the encrypted password.

Test with one or two accounts by manually pasting the encrypted password. If it works, then you can automate it.


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Brian Crabtree
Honored Contributor

‎09-11-2003 04:23 PM

‎09-11-2003 04:23 PM

Re: set passwords from a script or program

I do want to stress that this is not an original work, but a modification of an original work.

The GCC compiler can be downloaded here:
http://h21007.www2.hp.com/dspp/tech/tech_TechSoftwareDetailPage_IDX/1,1703,547,00.html

Here is a Forum link with links to other expect pages:
http://bizforums.itrc.hp.com/cm/QuestionAnswer/0,,0x807f227a6ab4d711900a0090279cd0f9,00.html

or http://expect.nist.gov.

Hope this helps,

Thanks,

Brian
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎09-11-2003 04:29 PM

‎09-11-2003 04:29 PM

Re: set passwords from a script or program

Hi John,
A very easy way for you.
1.Below is the c program which will give you the encrypted password. (usage a.out )
2. Use /usr/sam/lbin/usermod.sam -p
This will update your password with the new one.
3. Use passwd -f option this will force them to change the password the next time they login.

#include
#include

main(argc, argv)
int argc;
char *argv[];
{

char salt[3];
char *EncryptedPasswd;
int CheckRand;
int Fixup;
int SeedChar;

printf("\nUsage: pw \n\n");

/* Generate a random starting point for seed charcaters */

srand(time(NULL));
for ( SeedChar = 0; SeedChar <= 1; SeedChar++) {
CheckRand = 46 + rand() % 76; /* random number from 46 to 122 */
Fixup = 7 + rand() % 13; /* random number from 7 to 20 */
salt[SeedChar] = toascii(((CheckRand >= 58 && CheckRand <= 64) ||
(CheckRand >= 91 && CheckRand <= 96) ? CheckRand + Fixup : CheckRand));
}

EncryptedPasswd=crypt(argv[1], salt);
printf("\nRequested pw= %s, Automatic Seed= %s, encrypted pw= %s\n",
argv[1], salt, EncryptedPasswd);
}


cheers
Rajeev
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.