|
Home > Archive > Unix True 64 > January 2004 > Change Root Password on several systems.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Change Root Password on several systems.
|
|
| John Palmer 2004-01-23, 6:51 pm |
| We are needing to change "Root" password on a bunch of systems
monthly. Any suggestions besides having to log into every system and
manually change it?
These are internal systems so sending the password over the network
isn't as big a concern as trying to automate it. Tru64 V5.1B with
Enhanced Security.
| |
| Paul A Sand 2004-01-23, 6:51 pm |
| In article <f97ccb50.0401130959.7f4f7f7e@posting.google.com>, John Palmer wrote:quote:
> We are needing to change "Root" password on a bunch of systems
> monthly. Any suggestions besides having to log into every system and
> manually change it?
> These are internal systems so sending the password over the network
> isn't as big a concern as trying to automate it. Tru64 V5.1B with
> Enhanced Security.
There are two independent things involved here:
(1) doing anything as root on a bunch of systems without manual
login.
(2) changing the root password non-interactively.
For (1), we use ssh.
For (2), we use something like
edauth -g1 root | sed 's^u_pwd=OLDPWD^u_pwd=NEWPWD^' | edauth -s
where you substitute the old and new encrypted passwords for OLDPWD and
NEWPWD respectively. Which probably means you have to do this by hand on
one system to get the "new" encrypted password. Maybe there's some clever
way to write the sed part so you don't need to know the old encryption,
but we haven't figured that out.
--
-- Paul A. Sand | What do you want for tens of
-- university of New Hampshire | thousands of dollars, anyway?
-- pas@unh.edu | (David Lum)
-- http://pubpages.unh.edu/~pas |
| |
| Paul Pluzhnikov 2004-01-23, 6:51 pm |
| jpalmer@eds.com (John Palmer) writes:
quote:
> We are needing to change "Root" password on a bunch of systems
> monthly. Any suggestions besides having to log into every system and
> manually change it?
Expect distribution (http://expect.nist.gov) contains passmass script
(http://expect.nist.gov/example/passmass.man.html) for doing just that.
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
| |
| Sylvain Robitaille 2004-01-23, 6:51 pm |
| Paul A Sand wrote:
quote:
> edauth -g1 root | sed 's^u_pwd=OLDPWD^u_pwd=NEWPWD^' | edauth -s
>
> ... Maybe there's some clever way to write the sed part so you don't
> need to know the old encryption, but we haven't figured that out.
I can gladly help with that part (using the same command format as
above):
edauth -g1 root | sed 's^u_pwd=[^:]*:^u_pwd=NEWPWD:^' | edauth -s
(I add in the colon at the end of the regular expression just because it
helps me reassure myself that the complete pattern I'm after will be
substituted, but I've also tested 's^u_pwd=[^:]*^u_pwd=NEWPWD^' with
equal success...)
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
|
|
|
|
|