Is it possible to change a password from a script?

[theramster]

Hi,

I need to be able to change a users passwd using a script or program.

Is it possible to redirect the input from keyboard to a file so there is no need for the user to sit and type in there own password?

 

[alexhu]

Is it difficult for them then ?

Alex

 

[trifo]

Well, it is a bit risky game, but may work.

There is no ready_to_use tool for this task. The passwords are stored in the /etc/security/passwd file, encrypted. You have to create a script to edit that file.

I tried to find out a way to create encrypted password string, but no success.

Most probably you will have to use some C library functions of the AIX itself.

--Trifo

 

[ogniemi]

i guess this (expect script) will help you:

#!/usr/bin/expect -f

spawn passwd [lindex $argv 0]
set password [lindex $argv 1]
expect "password:"
send "$password\r"
expect "new password again:"
send "$password\r"
expect eof

 

[trifo]

ogniemi: would you please be so kind to explain this script? I am feelin totally dumb as I do not understand none of it.

--Trifo

 

[ogniemi]

So you have to install expect first.

for AIX you can get it from AIX toolbox:

ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/tcltk/expect-5.34-8.aix4.3.ppc.rpm

it requires 2 prerequisities:

ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/tcltk/tcl-8.3.3-8.aix4.3.ppc.rpm
ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/tcltk/tk-8.3.3-8.aix4.3.ppc.rpm


AIX toolbox packages are located here:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

To install RPM packages you need the following:

ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/rpm.rte



When you have expect installed you can use the script I sent to you:

Example of working (below script run sets password the same as user login name):

# for i in guest1 guest2 guest3;do ./chgpasswd.exp $i $i;done
spawn passwd guest1
Changing password for "guest1"
guest1's New password:
Re-enter guest1's new password:
spawn passwd guest2
Changing password for "guest2"
guest2's New password:
Re-enter guest2's new password:
spawn passwd guest3
Changing password for "guest3"
guest3's New password:
Re-enter guest3's new password:
#

rgrds,
M.

 

[Ogzilal]

Hi,
This sample shell script and perl script will do the job. I use them everu day.

#
#korn shell script that calls perl script
#

#----------------------------------------------------
# create the user
#----------------------------------------------------

NEWLOGIN=try1
mkuser pgrp=staff groups=staff gecos="sample user name" home=/home/$NEWLOGIN login=true shell=/usr/bin/ksh $NEWLOGIN
if [ $? -ne 0 ]
then
echo "login $NEWLOGIN not created "
exit 1
fi

#----------------------------------------------------
# crypt the password for newlogin and add the stanza
# in /etc/security/passwd for AIX
#----------------------------------------------------
PASSWORD_FILE=/etc/security/passwd
PASSWORD=$NEWLOGIN # assign the login name to the password

whence -v perl 1>/dev/null 2>&1
if [ $? -ne 0 ]
then
echo "perl not available in your PATH, please type in password"
# call interactive password assign
pwdadm $NEWLOGIN
else
# call automatic perl script to cryp the password
perl generate_crypted_pass.pl $PASSWORD_FILE $NEWLOGIN $PASSWORD
if [ $? -ne 0 ]
then
echo "error in generating crypted password"
echo "please type in password for $NEWLOGIN"
pwdadm $NEWLOGIN
fi
# clear the flags for login, so it's not prompted to
# change the password at first telnet connection
pwdadm -c $NEWLOGIN
fi
exit 0

#
#end of korn shell script that calls perl script
#

#
# begin of perl script named "generate_crypted_pass.pl "
# for generating crypted password
#

#-------------------------------------------------------------
# perl script for crypting readable password and writing
# the stanza in file passed as first parameter
#-------------------------------------------------------------
#!/usr/bin/perl

if ( $#ARGV < 2 ){
print &quot;Usage : $0 <password file> <login> <readable password>\n&quot;;
die;
}
use POSIX;
$ENV{'TZ'} = &quot;GMT&quot;;
#-------------------------------------------------------------
# get parameters
#-------------------------------------------------------------
$password_file=@ARGV[0];
$login=@ARGV[1];
$readable_password=@ARGV[2];

#-------------------------------------------------------------
# generate 2 chars ASCII for salt randomly in the set
# [./0-9A-Za-z]
#-------------------------------------------------------------

# generate first char

$hazard= int(rand()*100) + 26;
$c1=chr($hazard);
while ( $c1 !~ &quot;[./0-9A-Za-z]&quot; ) {
$hazard= int(rand()*100) + 26;
$c1=chr($hazard);
}
# generate 2nd char
$hazard= int(rand()*100) + 26;
$c2=chr($hazard);
while ( $c2 !~ &quot;[./0-9A-Za-z]&quot; ) {
$hazard= int(rand()*100) + 26;
$c2=chr($hazard);
}


# concatenate the 2 chars to make salt
$salt=&quot;$c1$c2&quot;;

# crypt the readable password
$crypted_password = crypt($readable_password,$salt) ;
# generate last modification time of password since epoch
$last_pass_change = POSIX::time() ;
#-------------------------------------------
# write the stanza in the password file
#-------------------------------------------
open (OUT, &quot;>>$password_file&quot || die &quot;cannot open $password_file: $!.\n&quot;;
print OUT<<EOF;
$login:
password = $crypted_password
lastupdate = $last_pass_change
flags =

EOF
exit 0
#
#end of perl script for generating crypted password
#

Regards
Hope thi shelps

 

[theramster]

Hi All,

Thanks very much to everyone for your response..

This will help me out.

theram