massive paswd changes

massive paswd changes

Post by the_sightless_.. » Fri, 05 May 2000 04:00:00



recently changed 30 -40 machines root passwords.
All these machines have the same root passwords.
They're all on a network.
They all have almost identical loads in terms of code level etc.
Surely there must be a way to automate with using a script?

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

massive paswd changes

Post by vddev.. » Fri, 05 May 2000 04:00:00



> recently changed 30 -40 machines root passwords.
> All these machines have the same root passwords.
> They're all on a network.
> They all have almost identical loads in terms of code level etc.
> Surely there must be a way to automate with using a script?

> Sent via Deja.com http://www.deja.com/
> Before you buy.

if this is a regular thing I would suggest implementing NIS and use
yppasswd...

C. DeVille

 
 
 

massive paswd changes

Post by John Jaszcza » Sat, 06 May 2000 04:00:00



Quote:> recently changed 30 -40 machines root passwords.
> All these machines have the same root passwords.
> They're all on a network.
> They all have almost identical loads in terms of code level etc.
> Surely there must be a way to automate with using a script?

Look into doing two things.
1) Install SSH2 so that the passwords (especially root passwords) are not
passed in cleartext across the network
2) Get Expect!
    Expect is a software suite for automating interactive tools. It is based
on Tcl and it allows you to build a script which handles interactive tasks
(tasks which provide a prompt and expect a response from a keyboard). There
are even sample programs written by Don Libes such at "passmass" which is
the basic framework for what you want to do. Expect is freely available and
it isn't too tough to modify the example programs in a short time to get
something usefull.
If you can write scripts, you can understand the expect stuff. I would
recoomend getting your hands on the O'Reilly book "Exploring Expect" as it
fills in the gaps.

SSH2 is availbe for a fee from F-Secure www.F-Secure.com and it is the part
that encrypts your sessions between remote hosts.

I did pretty much the same thing you are describing and it took me about
three days of tinkering to come up with a workable solution. The biggest
deal with expect is knowing what sort of prompts you will get for a given
action. Also be aware that you need to know what a standard command line
prompt is going to be, so if you muck with the "PS1" prompt, you have to
take that into account. You can also use expect and SSH2 to allow your users
to set their passwords on multiple hosts via a single script. Of course it
will be much easier to do if their "PS1" prompts are all pretty much the
same.

-JAZZ

 
 
 

massive paswd changes

Post by WWells15 » Sun, 07 May 2000 04:00:00


There is actually a canned expect script called passmass (or something similar)
that changes passwords on multiple hosts. It should be available somewhere on
the scriptics TCL site.
 
 
 

massive paswd changes

Post by Dr. Marku » Tue, 09 May 2000 04:00:00




Quote:> There is actually a canned expect script called passmass (or something
similar)
> that changes passwords on multiple hosts. It should be available
somewhere on
> the scriptics TCL site.

Hi,
another way to do this would be to find the crypted password-string and
replace the old crypted password with the new one in each /etc/passwd
with a script using sed via rsh - or for security-matters ssh.
Be careful to use a different seperating character for sed than /, as
crypted passwords can contain /'es (I think pipes should work fine, >>
man sed).
Of course all of this is VERY insecure, but security doesn't seem to be
such a big thing for you, as all machines have the same root-passwords
...
hth,
regards, Markus

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

massive paswd changes

Post by vkravind.. » Wed, 10 May 2000 04:00:00





> > recently changed 30 -40 machines root passwords.
> > All these machines have the same root passwords.
> > They're all on a network.
> > They all have almost identical loads in terms of code level etc.
> > Surely there must be a way to automate with using a script?

> > Sent via Deja.com http://www.deja.com/
> > Before you buy.

> if this is a regular thing I would suggest implementing NIS and use
> yppasswd...

> C. DeVille

> NIS is not a recommended method for root passwords....

Ravi

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

massive paswd changes

Post by Joe Moo » Thu, 18 May 2000 04:00:00




>recently changed 30 -40 machines root passwords.
>All these machines have the same root passwords.
>They're all on a network.
>They all have almost identical loads in terms of code level etc.
>Surely there must be a way to automate with using a script?

(Not tested, but should work.)

passwd root
grep -p root /etc/security/passwd > password.dat
rsh $OTHERSERVER cp /etc/security/passwd /etc/security/passwd.YYYYDDMM
rsh $OTHERSERVER "(cat ; grep -v -p root /etc/security/passwd) \
        > /etc/security/passwd" < password.dat
rm password.dat

This is relatively secure, since only the encrypted form of the password
passes over the network.  However, it relies on the unsecure rsh protocol.

--Joe
--
They say never to buy a "0" release of software.
Windows 2000 has 3 of 'em.

 
 
 

1. Help with massive uid/gid change.

Hello
I have to change the uid/gid numbers for all the users on a system
I'd like to do it doing one pass over the file system and not by
doing n times 'find ....' for n=the number of users.
I have an old /etc/passwd file and a new one and wish to use them
as the base for this number swapping process.
I have perl and all standard unix available.
Many thanks.
Ofer Lapid

2. generating your own server certificates

3. fddev fixes due to massive change.

4. Millennium proof?

5. Massive change of user account attribute

6. netatalk/RH6 hassles revisited

7. mkuser and random paswd generation

8. Auto-disconnection of idle telnet sessions?

9. Weird things...cann't use paswd

10. Massive fstab mount boot problem

11. recover data from big massive corrupted tar file

12. help!! massive install problems

13. Massive Probes from Korea