SUMMARY : Re: Need to set common password

From: Krishna Murthy (KMurthy@novell.com)
Date: Mon Dec 14 1998 - 03:56:55 CST


Hi All,

  First of all let me thank following gurus,

Nickolai Zeldovich
Frank Fiamingo
Frank Smith
Sanjaya Srivastava
Peter L. Wargo
Sebastian Benoit
Alan Scott
Sean Quaint
Dale Wiles
John Bradley
Thomas Lewis
sandesh

 I have received 12 responses, finally I ended up in using expect script which I didn't want, many admins sent me the script which does (since I was in hurry, couldn't customise it to my environment, in future I will try to make use of those) this automatically. Fiamingo had a question about the security, ie. giving common password to 250 users, actually it is for testing purpose, so no need to worry at all.

Thanks for your help
Krishna

Question :
-------------
Hi Admins,

  I need to create 250 users and have to set common password, have written a script for creating users, but I want to know an easy way through which I can change the password of these users without using third party software like expect.

Thanks In Advance
Krishna

SUMMARY :
-----------------

The 'expect' software package comes with a nice utility which allows you
to change a user's password by running expect-autopasswd username password.

-- [ Nickolai Zeldovich ]

=====

Krishna,

Build the passwd and shadow files directly. Don't use
useradd. Write a script to do the following:

read, or create, the list of user names
write the passwd line:
  echo "$username:x:$uid:$gid:$INFO:$home:$shell" >> /etc/passwd
write the shadow line:
  echo "$username:$encryptedPW:$lastchg:$min:$max:$warn:$inactive:$expire::" \
>> /etc/shadow
             where most of these parameters are in days since 1/1/1970
create the home directory:
  mkdir $home
copy the starup files:
  cp /etc/skel/.??* $home
give the user ownership:
  chown -R $uid:$gid $home

You can calculate the encrypted password ahead of time by creating a dummy
account and setting the password. I've also got a C program somewhere
that uses crypt() to generate the encrypted form of the password you
provide, or generate a pseudo-random one.

The real concern I would have is 250 users all knowing each others
password!!! This you might want to rethink :).

Frank Fiamingo

=====

If you are just using the password file or shadow passwords, set
the password for one user, and then paste that same encrypted
string from that user into all the other entries.
   If NIS/NIS+, nistbladm can set passwords for users. If the UIDs
are sequential, a short script should handle a bunch of them pretty
easily.

Frank Smith

=====

Use sed to replace the passwd field in passwd file and run pwconv. This way
paswd will get propogated to shaow field.

..Sanjaya
=====

Easy. Crypt the password, then place it in the passwd file with sed. The
encryped password in a password file can be re-used, and is how I move passwords
around w/o knowing what they are.

-Pete

=====

This script chg_passwd takes a username and a password and sets this
directly in the passwd file. If you have shadow passwords you will have to
change the sed commands a bit.

Well, it uses '3rd party' software, the attached programm called
'pwcrypt'. However, this does nothing more but use the crypt() function to
encrypt the password. You can also do this in perl for example.
Sorry, I cant find the source for the programm right now, but its really
straightforward ... do a 'man -s 3c crypt'

Regrads,
Benno

ADMINS: Please let me know if you need this shell script, I will mail it to you

=====

Krishna,

 I had this problem early on adding students to the system at University, I wrote a shell script which added users to the passwd file wrapped around a small C program which generated random passwords. I guess as you already have script to add users, the passwords are now the problem.
find enclosed C code which outputs both the password(to give to the user) and the encrypted password to put into the password.

Any problems feel free to mail me back.

Alan Scott(Unix Admin)

PS. Should compile with gcc

Alan Scott

ADMINS: Please let me know if you need the c-program, I will mail it to you

=====

You could set a password on a dummy account, then create a script that
uses sed to replaces a new user account's default passwd (which will be
indicated by a *LK* in the shadow file if user was created with
useradd), with the encrypted password of the dummy account.

Sean Quaint

=====

 I'm assuming that you're useing password files and shadow files (not
NIS+). I'm also assuming that the user accounts already exist (are in
/etc/passwd), and that you're just trying to set their password. I also
assume that you have made copies of /etc/shadow and /etc/passwd.

  Change the password of one of the users to the password you want.
  
  Get the encrypted password:

    egrep username /etc/shadow | awk -F: '{ print $2 }'

  You should get a string like 'tzFaxkl0zJg6g' This is the encrypted password.

  Make a list of all the users you want to change. Begin each user name with
a '^' and end it with a ':'. Call it 'users'. If you wanted to change
users foo, bar and baz, you would make the file user with the entries:

  ^foo:
  ^bar:
  ^baz:

  Note: There are no spaces before or after the user's name, and no blank
lines

  The rest is done as root:
  
  Copy /etc/shadow to a temp file, removing the users in question:

    egrep -v -f users /etc/shadow > shadow.tmp

  Now copy the users over, while changing their password:

    egrep -f users /etc/shadow | sed 's/:[^:]:/:tzFaxkl0zJg6g:/' >> shadow.tmp

  Note: Change 'tzFaxkl0zJg6g' to what ever you got for the encrypted
password.

  Visually inspect shadow.tmp to make sure that nothing went wrong, and then
copy it over to /etc/shadow.

  Good luck and remember, if you screw up your shadow file, I'll deny ever
sending this message :0)

Dale

=====

Create a valid password entry in the shadow file(passwd or nispasswd or yppasswd). Then
take the encrypted password and put in the password fields for all the users in the shadow
file. This is assuming you are just using /etc/passwd and /etc/shadow files.
If you are using NIS or NIS+, you could get the encrypted password field from the niscat
passwd or ypcat passwd command.
Or you could use a command to get the data from NIS+:

This will give you the NIS+ encrypted data that you could past into a shadow entry
for all users.

This will extract info to file:
# nisaddent -d shadow > /admin/tables/shadow

This will put back into the NIS+ database:
# nisaddent -r -f /admin/tables/shadow -t shadow.org_dir key-value

Then do a nisping.

jb

=====

Hi Krishna, here is the expect script I use when creating new password
entries for new users...

#!/data/g/bin/expect
spawn yppasswd $argv
expect "password:"
send "\r"
expect "password:"
send "newpass\r"
expect "password:"
send "newpass\r"
expect eof

=====

hi
I assume that you have created all the 250 users
Now assign the common password to one user
you can always go to /etc/shadow file and put the passwd field of that
user to all users by editing through vi .

Sandesh Kubde.
=====



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:53 CDT