Changing root Password on multiple machines

Changing root Password on multiple machines

Post by tusharpa.. » Sat, 12 Aug 2000 04:00:00



Hi,

I know someone must have done this. I am trying to change the root
password or any password on multiple unix servers (70-80) which doesnt
run NIS/NIS+. Can someone help me do this.

Thanks,
-tv

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

Changing root Password on multiple machines

Post by Jim Tenc » Sat, 12 Aug 2000 04:00:00


Check out expect (as mentioned loads of times in this group).  I recently
went through this and tried all sorts and the only real way turned out to
be expect.  The problem is that passwd doesn't read stdin, it attaches
itself to the tty.

Jim

Quote:> Hi,

> I know someone must have done this. I am trying to change the root
> password or any password on multiple unix servers (70-80) which doesnt
> run NIS/NIS+. Can someone help me do this.

> Thanks,
> -tv

> Sent via Deja.com http://www.deja.com/
> Before you buy.

--

Jim Tench AKA Buzz Lightyear, Space Ranger.

Please remove ZZ from my mail address to reply.

 
 
 

Changing root Password on multiple machines

Post by tusharpa.. » Sun, 13 Aug 2000 04:00:00


Thanks,

But I am trying to accomplish this with :sed: My first step is to
replace the password string for root with another password. You know
you can get rid of original password string in 2nd field in /etc/shadow
file and replace it with another string generated by a known password.
So what I am trying to do is, generate a new password on one machine
and then rsh each machine and change the root password string with the
new string which I generated. My problem is, I need a start, how to
use "sed" to replace a string or line with another line. I am trying
several things but all seems in vain.

-Any help will be appreciated.

=Thanks,
tk



> Check out expect (as mentioned loads of times in this group).  I
recently
> went through this and tried all sorts and the only real way turned
out to
> be expect.  The problem is that passwd doesn't read stdin, it attaches
> itself to the tty.

> Jim

> > Hi,

> > I know someone must have done this. I am trying to change the root
> > password or any password on multiple unix servers (70-80) which
doesnt
> > run NIS/NIS+. Can someone help me do this.

> > Thanks,
> > -tv

> > Sent via Deja.com http://www.deja.com/
> > Before you buy.

> --

> Jim Tench AKA Buzz Lightyear, Space Ranger.

> Please remove ZZ from my mail address to reply.

Sent via Deja.com http://www.deja.com/
Before you buy.
 
 
 

Changing root Password on multiple machines

Post by Cyrille Lefevr » Mon, 14 Aug 2000 04:00:00


tusharpa...@my-deja.com writes:
> But I am trying to accomplish this with :sed: My first step is to
> replace the password string for root with another password. You know
> you can get rid of original password string in 2nd field in /etc/shadow
> file and replace it with another string generated by a known password.
> So what I am trying to do is, generate a new password on one machine
> and then rsh each machine and change the root password string with the
> new string which I generated. My problem is, I need a start, how to
> use "sed" to replace a string or line with another line. I am trying
> several things but all seems in vain.

the following script is a quick and dirty script I've just extended w/
makekey (from FreeBSD) and echo (from me a few minutes ago inspired
from FreeBSD echo and printf) builtins... have fun.

#!/bin/sh

# Copyright (c) 2000 Cyrille Lefevre. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

PATH=/usr/bin:/usr/sbin:/bin:/sbin:/usr/ucb:/usr/ccs/bin:$PATH

host=`hostname`

case $host in
somehost)
        clear_text_passwd=somepasswd ;;
otherhost)
        clear_text_passwd=otherpasswd ;;
dont|change|of|these|hosts)
        exit ;;
*)
        clear_text_passwd=small ;;
esac

# test=true
if [ ${test:-false} = true ]; then
        etc_dir=/tmp
else
        etc_dir=/etc
fi
passwd_file=$etc_dir/passwd
shadow_file=$etc_dir/shadow
if [ -f /usr/lib/makekey ]; then
        makekey=/usr/lib/makekey
elif [ -f /usr/libexec/makekey ]; then
        makekey=/usr/libexec/makekey
else
        makekey=/tmp/makekey
        cat << \EOF > $makekey.c
/*-
 * Copyright (c) 1990, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/types.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static void get ();

int
main()
{
        int len;
        char *r, key[9], salt[3];

        get(key, sizeof(key) - 1);
        get(salt, sizeof(salt) - 1);
        len = strlen(r = crypt(key, salt));
        if (write(STDOUT_FILENO, r, len) != len) {
                perror ("stdout");
                exit (1);
        }
        exit(0);

}

static void
get(bp, len)
        char *bp;
        register int len;
{
        register int nr;

        bp[len] = '\0';
        if ((nr = read(STDIN_FILENO, bp, len)) == len)
                return;
        if (nr >= 0)
                errno = EFTYPE;
        perror ("stdin");
        exit (1);

}

EOF
        make $makekey || exit
fi
c=`echo '\0000'`
if expr "$c" : . = 2; then
    echo=echo
else
    echo=/tmp/echo
    cat << \EOF > $echo.c # quick and dirty echo ;^)
/*
 * Copyright (C) 2000 Cyrille Lefevre. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#include <stdio.h>

int
main (argc, argv)
     int argc;
     char **argv;
{
  int nl = 1;

  if (*++argv && !strcmp(*argv, "-n")) {
    ++argv;
    nl = 0;
  }

  while (*argv) {
    for (; **argv; ++*argv) {
      int c;

      if (**argv != '\\') {
        putchar (**argv);
        continue;
      }

      switch (*++*argv) {

      case 'c': nl = 0; continue;

      case '\0': --*argv;
      case '\\': c = '\\'; break;

      case 'a': c = '\7'; break;
      case 'b': c = '\b'; break;
      case 'f': c = '\f'; break;
      case 'n': c = '\n'; break;
      case 'r': c = '\r'; break;
      case 't': c = '\t'; break;
      case 'v': c = '\v'; break;

      case '0': case '1': case '2': case '3':
      case '4': case '5': case '6': case '7': {
        int n = 3 + (**argv == '0');
        for (c = 0; n-- && **argv >= '0' && **argv <= '7'; ++*argv) {
          c <<= 3;
          c += **argv - '0';
        }
        --*argv;
        break;
      }

      default:
        c = **argv;
      }

      putchar (c);
    }

    if (*++argv)
      putchar (' ');
  }

  if (nl)
    putchar ('\n');

  return (0);

}

EOF
    make $echo
fi

salt=`date +%%%s | $makekey`
salt=`expr "$salt" : '.....\(..\)......'`

len=`expr "$clear_text_passwd" : '.*'`
if [ "$len" -gt 8 ]; then
        clear_text_passwd=`expr "$clear_text_passwd" : '\(........\)'`
else
        while [ $len -lt 8 ]; do
                clear_text_passwd="$clear_text_passwd\0000"
                len=`expr "$len" + 1`
        done
fi
encrypted_passwd=`$echo "$clear_text_passwd$salt" | $makekey`

if [ -f $shadow_file ]; then
        cp $shadow_file $shadow_file.old &&
        awk -F: '
BEGIN { OFS=":" }
/root:/ { $2 = encrypted_passwd }
/:/
' encrypted_passwd=$encrypted_passwd $shadow_file.old > $shadow_file

        encrypted_passwd=x
fi

        cp $passwd_file $passwd_file.old &&
        awk -F: '
BEGIN { OFS=":" }
/root:/ { $2 = encrypted_passwd; $5 = "root@" host }
/^sys:/ { $5 = "sys@" host }
/^adm:/ { $5 = "adm@" host }
/:/
' encrypted_passwd=$encrypted_passwd host=$host $passwd_file.old > $passwd_file

Cyrille.
--
home: mailto:clefevre%no-s...@citeweb.net.invalid
work: mailto:Cyrille.Lefevre%no-s...@edf.fr.invalid
Supprimer "%no-spam" et ".invalid" pour me repondre.
Remove "%no-spam" and ".invalid" to answer me back.

 
 
 

1. How to change/update root password on multiple mahcine automatically?

hi,
does anybody know a way to automate changing the root password on multiple (100+) unix machines? these machines are on different nis domain.
thank you

--
Sent by usenet-replayer from jhl  included in  co in area th
This is a spam protected message. Please answer with reference header.
Posted via http://www.usenet-replayer.com/cgi/content/new

2. where can i get the gcc binaries for x86

3. changing NIS+ root master root password

4. Network fax information requested

5. Digital UNIX, C2 -> change root password as non-root

6. screendump?

7. Can't set root password- Password busy error -is not due to temp password file

8. FTP: no messages for anon.??

9. Need to synchronize password files on multiple machines

10. Password Syncing Amongst Multiple Machines

11. Password selection practice for multiple unix machines.

12. Multiple Simultaneous password changes?

13. How do I change passwords on multiple systems from a single script?