Solaris password management

Status
Not open for further replies.

vaxmac

MIS
Oct 3, 2006
6
US
I have a large number of Solaris servers whose root passwords get changed every month. Is there any secure way I can make a password change on one server and propagate it across all servers without logging in to each server?
 
I don't know what an expect script is. Can you explain this script just a little for me?
 
Alternatively, look into autoexpect which is a tool that will help you create your expect script by recording the keys that you type when you change the password on one server. You will need to modify the script that is generated to remove the parts that are specific to that server.

Annihilannic.
 
It looks as if Expect requires TCL also. Do I need to install these two packages on all of my servers to propagate password syncing?
 
No, you only need expect and TCL on the server where you are going to create and run the script from.

Annihilannic.
 
I feel like I am being led down a path that I might be afraid to go. I have read some web sites that make these packages available but it is confusing. The majority of my servers are running Solaris 8. Are there packages with Expect and TCL combined and already compiled for Solaris 8?
 
I am impressed with the replies I am getting on this subject. From not knowing anything on the subject, I have the passmass Expect script working on 35 servers that run Solaris and AIX. I installed the TCL-8.5-sol8*, the libgcc-3.3-sol8* and the Expect-5.43-sol8* packages. I can't seem to get passmass to work on my Linux servers. There seems to be an order issue with the old password, the new passwords, and perhaps the user name. I need some advice from somebody that has the passmass script working on Linux servers. I am sure that the code could be modified to work on Linux but I can't figure out how.
 
I've not used the passmass script, but it shouldn't be difficult to modify it for your Linux servers. Expect works by waiting for certain strings to appear in the ssh or telnet session, for example "password:" before sending the response to that prompt. You'll probably find that there are differences, sometimes very slight, between the prompts displayed by your Linux boxes and your Solaris boxes, so just open a login session to each and walk through the steps comparing the screen output, and then look through the script to figure out where it might need to be modified.

Usually the point at which the script gets stuck is a giveaway...

Annihilannic.
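
The prompt comparison described above, as an added example that is not part of the original thread or of passmass: a Python check (Python stands in for Expect so it runs offline) that replays session output against ordered wait-for patterns and reports the step where a script would stall. The transcripts, both pattern lists and the `first_stall` helper are constructed for illustration; real prompts vary by OS release and PAM configuration.

```python
import re

# Constructed session transcripts (illustrative only, not captured output).
SOLARIS = (
    "passwd: Changing password for alice\n"
    "Enter login password: \n"
    "New password: \n"
    "Re-enter new password: \n"
    "passwd (SYSTEM): passwd successfully changed for alice\n"
)
LINUX = (
    "Changing password for user alice.\n"
    "(current) UNIX password: \n"
    "New UNIX password: \n"
    "Retype new UNIX password: \n"
    "passwd: all authentication tokens updated successfully.\n"
)

# Hypothetical expect-style steps: wait for the pattern, then send a reply.
STRICT = [  # written against the Solaris-style prompts only
    ("old password", r"Enter login password:"),
    ("new password", r"New password:"),
    ("confirm", r"Re-enter new password:"),
    ("result", r"successfully changed"),
]
TOLERANT = [  # loosened to accept both prompt styles
    ("old password", r"(?i)(login|current|existing|old)\b.*password:"),
    ("new password", r"(?i)new (unix )?password:"),
    ("confirm", r"(?i)(re-enter|retype) .*password:"),
    ("result", r"(?i)success"),
]

def first_stall(steps, transcript):
    """Return the name of the first step whose prompt never appears, else None.

    Like Expect, each match consumes the output up to and including the
    matched text, so prompts must arrive in the scripted order.
    """
    pos = 0
    for name, pattern in steps:
        m = re.compile(pattern).search(transcript, pos)
        if m is None:
            return name  # a real Expect script would wait here until timeout
        pos = m.end()
    return None

if __name__ == "__main__":
    for label, text in (("solaris", SOLARIS), ("linux", LINUX)):
        print(label, first_stall(STRICT, text), first_stall(TOLERANT, text))
```
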
 
For those, particularly Annihilannic, who helped me with this issue I have a conclusion. I used passmass -ssh -prompt ":" servername. This was sticking when trying to accept the old password entry. When I copied the ssh keys found on the Unix server to the Linux client's authorized_keys file the passmass procedure worked. Thanks for everybody's help.
 