setting user passwords without having root password
2007-12-25 7:54:00
last Friday I asked some questions about setting user passwords:
> Can somebody please help me to solve the following problems
> on Sparcstations with SunOS 4.1 and 4.1.1:
>
> 1. Our user administrator should be able to change passwords for all
> users with UID say greater than 100. However he should not know the
> root password.
>
> 2. We want to set some constraints on the election of passwords, e.g.
>
> - 6 characters minimum
> - at least to alphabetic characters
> - at least one character must be numeric or a special character
> - the user should be forced to set a new password at first login
> and then after regular intervals
>
> 3. The establishment of a new user account should be automated.
> How can I manage that the initial password is read from a file
> and not from the terminal?
I got 12 answers from
blymn@baobab.awadi.com.AU (Brett Lymn)
svend.back@Germany.Sun.COM (Svend Back)
ari.ronkainen@vtt.fi (Ari Ronkainen - VTT/ELE)
A.J.C.Blyth@newcastle.ac.uk (Andrew Blyth)
David Lee <T.D.Lee@durham.ac.uk>
mlg@cstp.umkc.edu (Meg Grice)
rwolf@dretor.dciem.dnd.ca (Robert J Wolf)
era@niwot.scd.ucar.EDU (Ed Arnold)
macphed@dvinci.usask.ca (Ian MacPhedran)
Daneel Pang <daneel@Trantor.DSO.gov.SG
Perry_Hutchison.Portland@xerox.com
ups!kevin@fourx.Aus.Sun.COM (Kevin Sheehan {Consulting Poster Child})
Many thanks for your hints!
And here is the summary:
There are some packages available that should do (part of) the job:
npasswd from ftp.cc.utexas.edu in pub/npasswd/npasswd.tar.Z
passwd+ from dartmouth.edu in pub/security/passwd+.tar.Z
expect from e.g. cac.washington.edu in local/bin.sparc
cs.dal.ca in pub/comp.archives
svin01.win.tue.nl in pub/programming
crack from cert.org in pub/tools/crack/crack_4.1.tar.Z
cops from cert.org in pub/tools/cops/1.04/cops_104.tar.Z
Sunshield a.k.a ARM from ?
The Obvious Password Detector (OPD), from comp.sources.unix, nov 88. from ?
The OPUS Project passwd program, discussed in proceedings of the 14th
Natl Computer Security Conference (Oct 91) from ?
su2 from ?
sudo from ?
And I got a nice hack from Svend Back how to read passwords from
variables or files when using /bin/passwd:
----------- begin chpasswd -----
#!/bin/sh
# usage: chpasswd user passwd
# Change a passwd without user intervention
user=$1
passwd=$2
if [ "X$2" = X -o "X$1" = X ]
then
echo "usage: $0 user passwd"
exit 1
fi
trap "mv /dev/tty- /dev/tty; rm /etc/passwd.$$; exit" 0 1 2 3
# The trick is to move /dev/tty away and simulate input
mv /dev/tty /dev/tty-
echo $passwd > /dev/tty
cp /etc/passwd /etc/passwd.$$
echo "change passwd for [$user] to [$passwd]"
passwd -F /etc/passwd.$$ $user
cp /etc/passwd.$$ /etc/passwd
-------- end chpasswd -----
Thanks again for all your help
Martin Spohn
Zentrum fuer Datenverarbeitung Telefon: +49 7071 296970
Abteilung Netze E-Mail:
Universitaet Tuebingen SMTP: spohn@mailserv.zdv.uni-tuebingen.de
Brunnenstrasse 27 X.400: C=de;A=dbp;P=uni-tuebingen;OU=zdv;S=spohn
D-7400 Tuebingen
Comments
Got something to say?
You must be logged in to post a comment.
