webmin (password) with trusted system

HAMOU · ‎08-27-2003

HI,

I want to change all the users password with a file list in webmin, but it doesn't work with trusted system.
Can you help me because i don't want to change one by one all the password (> 250).

Best regards,

Mansour.

Stefan Farrelly · ‎08-27-2003

use the /usr/lbin/modprpw command to expire a list of accounts. See attached man page for modprpw.

Im from Palmerston North, New Zealand, but somehow ended up in London...

Steven E. Protter · ‎08-27-2003

I am attaching a utility script which I will explain.

This script uses a copy of the /etc/passwd file /root/passwd

It reads the user name out of the passwd file and lets you do all kind of mass operations on them.

You can use this to generate your list.

You need to edit that datafile and take out any system users, users with id less than 100.

I am somewhat confused on your question though. Are you trying to have all your users log onto a web page and change their passwords that way?

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Darren Prior · ‎08-27-2003

Hi Mansour,

As far as I'm aware - the useradmin module of webmin isn't supported by HP; it's therefore likely that it isn't aware of trusted systems. Webmin is best used for administering your web server.

There's some ideas earlier in this thread of ways of changing passwords using scripts.

regards,

Darren.

Calm down. It's only ones and zeros...

HAMOU · ‎08-27-2003

So,

We have a HP9000 HPUX 11i, on this machine we have a application.
I want to change all the users password on the HP9000, in webmin we can use a file with a define description to change somes fields of /etc/passwd.
But as we are in trusted system, the /etc/passwd file is change but not the /tcb/files/auth/.... file.
If you have a idea?

Best regards,

Mansour.

Bill Hassell · ‎08-27-2003

Webmin code is written by various contributors and Trusted systems must be habdled very differently. The Webmin code is usually written in Perl so the existing password maintenance module needs to be rewritten to handle the tcb database.

Bill Hassell, sysadmin

W.C. Epperson · ‎08-28-2003

The HP guys can't say this, because the "back end" commands are not directly supported for command line use--they're to be called by SAM, etc.

It's not clear why you'd want to change everyone's password: if you explain what you're trying to accomplish, there may be other ways to do it. If you just want everyone's password to expire, you could use the back end command modprpw (see http://forums.itrc.hp.com/cm/components/FileAttachment/0,,0xb067ded2442ed5118fef0090279cd0f9,00.txt

If you truly want to do what you say via webmin, and Trusted System is your problem, you can unconvert/reconvert:

/usr/lbin/tsconvert -r

/usr/lbin/tsconvert

YMMV

"I have great faith in fools; self-confidence, my friends call it." --Poe

HAMOU · ‎08-28-2003

I just want to change all the users password from a file like 'username:password' except root of course.
It's only me who change the password whith id root.
If i can do it whitout using webmin it's OK for me.
Are you oblige to unconvert/reconvert to change password in trusted system, because i have read that if you convert in trusted system all the password are reset.
Have another solution ?

Thanks,

Mansour.

W.C. Epperson · ‎08-28-2003

I mentioned tsconvert -r because you wanted to do this with webmin and it supports only traditional passwords.

You still don't say why you want to do this. If we knew your business requirement, there might be alternative solutions.

What's the reason for changing the passwords? Do the users have to be able to login again after you change the passwords? How would they get their new passwords?

"I have great faith in fools; self-confidence, my friends call it." --Poe

HAMOU · ‎08-28-2003

So, we have a production application ERP BAAN, it's like People soft or Oracle application.
We want to change the password because there are so easy to find them.
After we change the UNIX password, they can connect to the application like the others days with the new password.
We send their new password by mail.

Thanks for your answers.

Mansour.

W.C. Epperson · ‎08-28-2003

Ah. Well, then. Is there a reason that just making them change their own passwords won't work?

/usr/lbin/modprpw -E will force every user to change their password at next login. You have some control over the format of passwords via SAM in Auditing and Security-->System Security Policies-->Auditing and Security.

Otherwise, you're going to be down to writing a script that reads your file, runs the clear text password through crypt(), then calls modprpw per user with the -e password setup.

Good luck!

"I have great faith in fools; self-confidence, my friends call it." --Poe

Bill Hassell · ‎08-28-2003

It's not a good idea to convert back and forth between Trusted and standard password schemes. The Trusted system has a large amount of information about the pasword rules (size, content, expiration, re-use history, etc) that will all be lost when going back to standard. And if any of the users have created a long password, it won't work in the standard system and when converted back to Trusted, it still won't work because standard systems are limited to a maximum of 8 significant characters for passwords.

The modprpw command (undocumented for all of 10.xx through 11.0) finally got a manpage in 11.11, but alas (as is true for all backend commands found in /usr/lbin) the -w option for providing a password was removed.

Bill Hassell, sysadmin

HAMOU · ‎08-29-2003

W.C,

they have no access to UNIX but only to the application with a run time.
And it's me who generate the password.
Can help me to write the script, because i am not a specialist of shell script.
Ex file : 'username:password'

Thanks,

Mansour.

HAMOU · ‎09-04-2003

Hi,

I thanks all of you for your solutions.
Here is my solution and it's work.
It's my first shell script.

#! /bin/ksh
cat /rpt1/userfile | while read line
do
first=$(echo $line|awk -F: '{print substr($1,1,1)}')
S1=/tcb/files/auth/
S2=$(echo $line|awk -F: '{print $1}')
S3=$(echo $line|awk -F: '{print $2}')
S4=$(grep u_pwd $S1$first/$S2 | awk -F: '{print substr($2,7,2)}')
/usr/sam/lbin/usermod.sam -p `echo "$S3$S4" | /usr/lbin/makekey` $S2
done

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

webmin (password) with trusted system

webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system

Re: webmin (password) with trusted system