Solved

Giving passwords from command line

Posted on 2000-03-08
5
495 Views
Last Modified: 2010-04-21
Hi,

I need a utility that will enable me to assign passwords to users from command line.  I.e I want to be able to do something like this

paswd --newpass p asdf user

passwd command on the system is interactive and cannot assign passwords from command line.   We need a way thats reliable, quick and something that can work on a multi user system.

We keep passwords in the shadow file.  I'm working on SunOS 5.6.  We have thousands of users.

Thanks in advance
0
Comment
Question by:bozkirli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2595389
Download and install "expect", a scripting language, from:  
http://dev.scriptics.com/ (sources, binaries, apps & more!)  

Create a shell script looking something like this:

#!/usr/local/bin/expect --

spawn /usr/bin/passwd $1
expect "New password:"
send "$2\r"
expect "Re-enter password:"
send "$2\r"

Execute this script with the username and new password as command line
parameters.

The shadow password file won't be a problem, as you're still using the
standard "passwd" command, but using expect to dummy the input.

For a good manual & examples for expect scripts, look at:
http://www.oreilly.com/catalog/expect/chapter/ch03.html 
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2608283
Expanding on tfewster's comment...

You need expect and an expect script to set the password. Solaris 2.6 & above have a fancier passwd command than previous versions, which you might need to take advantage of. The expect script below can selectively set a user's password in any of the authentication services Solaris supports via passwd. As a bonus, it also works on Linux

---snip, snip, - begin newpass---
#!/usr/bin/expect --
#
# NAME
#       newpass - set user's passwd from the command line non-interactively
#
# SYNOPSIS
#       newpass user password [files|nis|nisplus]
#
# DESCRIPTION
#       When run as root, this script will interact with passwd and set
#       "password" for the specified "user". The script knows about both
#       Solaris and Linux and, in the case of Solaris, can explicitly
#       set the password in any of the three possible services
#       (files, nis, or nisplus). If not specified, the system default
#       for authentication is used.
#
# Author: Jim Levie (jlevie@bellsouth.net)
#
log_user 0
set LinuxOS 0
set svc "default"
if {[exec uname -s] == "Linux"} { set LinuxOS 1 }
if {!$LinuxOS && $argc == 3} {
    if {[lindex $argv 2] == "files" || [lindex $argv 2] == "nis"
      || [lindex $argv 2] == "nisplus"} {
      set svc "[lindex $argv 2]"
    } else {
      send_error "Usage: newpass user passwd \[files|nis|nisplus\]\n"
      exit 1
    }
} elseif {$LinuxOS && $argc != 2} {
    send_error "Usage: newpass user passwd\n"
    exit 1
} elseif {$argc < 2 || $argc >3} {
    send_error "Usage: newpass user passwd \[files|nis|nisplus\]\n"
    exit 1
}
set user [lindex $argv 0]
set pass [lindex $argv 1]
#
# Solaris 2.6 & later needs the -r option to specify which
# password service (files, nis, nisplus) see man passwd.  Linux
# has passwd in a different location and doesn't need the
# service specification. (Note that I no longer have anything
# earlier than 2.6 to test with, you've been warned... there be
# dragons here).
#
# BIG NOTE!!! Linux has to have the "sleep 1" between each of
# the "expect/send" pairs. It puts out the prompt before it's actually
# ready to take input. You can comment them out for Solaris, but
# it doesn't hurt for them to be there and might be a plus
# busy server. (there be really big dragons here...)
#

if {$LinuxOS} {
    spawn -noecho /usr/bin/passwd $user
} else {
    if {$svc == "files"} {
      spawn /bin/passwd -r files $user
    } elseif {$svc == "nis"} {
      spawn /bin/passwd -r nis $user
    } elseif {$svc == "nisplus"} {
      spawn /bin/passwd -r nisplus $user
    } else {
      spawn /bin/passwd $user
    }
}

if {$LinuxOS} { sleep 1 }
expect {
    -re "(.*) does not exist" {
      send_error "unknown user: $user\n"
      exit 1
    } -re "(.*) Unknown user(.*)" {
      send_error "unknown user: $user\n"
      exit 1
    } default {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "New (.*)password:"
}
send "$pass\r"
if {$LinuxOS} { sleep 1 }
expect {
    -re "passwd.SYSTEM.(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "BAD(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } default {
      send_error "Unknown error from passwd\n"
      exit 1
    } -re "Re(.*) password:"
}
send "$pass\r"
if {$LinuxOS} { sleep 1 }
expect {
    -re "passwd(.*) try again" {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "Sorry,(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } default {
      send_error "Unknown error from passwd\n"
      exit 1
    } -re "(.*) successfully changed (.*)" {
      send_user "Password changed\n"
      exit 0
    } -re "(.*) updated successfully" {
      send_user "Password changed\n"
      exit 0
    }
}
close
wait
send_user "\n"

0
 
LVL 21

Expert Comment

by:tfewster
ID: 2610365
Nice one Jim - BTW, take a look at http://www.experts-exchange.com/jsp/qShow.jsp?ta=unixprog&qid=10306983  - another Q. on "expect" & I'm way out of my depth

  __|__
  \___/
~~~~~~~~
 O
  o
   .
  :(
0
 
LVL 14

Accepted Solution

by:
canali earned 150 total points
ID: 2649209
I resolved the problem using a utility for creating the crypted new password and then changing shadow file or nis master passwod file with a script.

gcp.c compiled with gcc on a solaris 5.6
(generate crypted password) work fine

paswd bourne shell script
I adapted 4 you the bourn script

#paswd
#!/bin/sh
#backup shadow
cp /etc/shadow ./shadow.`date '+%d_%b_%y.%T'`
cat /dev/null>shadow.new
cat /etc/shadow|nawk -v USER=$1 -v NEWCRYPTPWD=`./gcp "$2"`  '{FS=":";OFS=":"}\
   $1 != USER {print $1,$2,$3,$4,$5,$6,$7>>"shadow.new"}\
   $1 == USER {print $1,""NEWCRYPTPWD"",$3,$4,$5,$6,$7>>"shadow.new"}'

/**************gcp.c**************/

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/timeb.h>

static      char      Salt[3];
static      void      GenSalt();

main(int argc, char *argv[])
{
char pwd[20], *p;

if ( argc != 2 ) {
    printf("Uso: %s password\n",argv[0]);
    exit(1);
}
GenSalt();
strcpy(pwd,argv[1]);
p = crypt(pwd,Salt);
printf("%s\n",p);
}

static void GenSalt()
{
    int cnt;
    long r;
    time_t t;
    struct timeb tb;

    //time(&t);
    ftime(&tb);
    t = tb.time + tb.millitm;
    srandom(t);
    memset(Salt,'\0',3);
    cnt = 0;
    while ( cnt < 2 ) {
        r = random() & 0x7f;
        if (( r >= 46 && r <= 57 ) || ( r>=65 && r <= 90 ) || ( r >= 97 && r <= 122 )) {
            Salt[cnt] = r;
            cnt++;
        }
    }
}

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2651922
Yeah, I've done that too, how are you going to handle NIS+, what about systems using MD5 authentication via pam? The expect script does as it uses the system password program...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question