need script for passwd , can't use expect tool

Applications Infrastructure Monitoring
1

Hi ,

as others users here , i'm searching for a script which can automate "passwd" dialog .
I saw threads about "expect tool" but on my platforms , "C" product isn't installed and i'm not the admin so i can't install it.

is there another way to do it , with a "simple" shell script ???

regards

christian

2

Hi,

.netrc and .rhosts files still excist. But you've gotta do it on Unix systems though. I don't know if that is your case. Else input redirection doesn't work in these cases, sorry.

Regs David

3

If you are not the admin, why would you need a script to automate the passwd process?

4

Thanks for your interest !

i use the same "username" on about 25 differents hosts and forced to change the password every "2 months" , so this is why i'm interested about automating this process.

christian

5

HI Perderabo,

I was reading it wrong the first time (as well). It's the passwd process for prompting the password. Not mody-fying the password-file. I think you make the same read-error as I did :slight_smile:

Regs David

6

I didn't misread it, I knew that he wanted to automate the passwd program. I just didn't understand why a non-admin would want to do that. Now I do. Changing the password for one user on 25 boxes is a very different problem than changing the password for 25 users on one box.

Christian, can you telnet to all 25 boxes? Do you have expect available of any of them? If so you use expect to telnet to each box and then change your password.

7

I have access to all hosts via Telnet or rlogin but i can't use "expect" because installing it need "C" product , we don't have it and we can't install it , install need "root" rights.

christian

8

Hi Nicol,

I still think that .rhosts should be your solution. The sysadmin should be willing to help you with that.
If he doesn't wants to, just tell him to start using NIS or LDAP :slight_smile:

Regs David

9

I don't understand the relationship between the ".rhosts" and the script i need !!!

christian

10

Sorry, me either. I explained you that redirecting input is not working in this case.
The only solution I can think of is use .rhosts to log through without a password then type the passwd command.
This of course need to be automated to do it for all about 25 servers in one go. Looks awfull though re-typing your password 25 times.
Ha, ha you will never forget your new password at least :slight_smile:

Ahum, sorry. No only expect, NIS or LDAP could be your solution. As you don't have it there is no workable solution for you.

Regs David

11

If you can find the software cd for Sun Cluster, then there is a program on it called ccp. It allows you to build a list of servers (16 per group I think) and telnet to all 16 at the same time (opens 16 windows) and you then use a command window to do the same commands on all 16 systems.

It uses telnet to connect to the systems, does not require a license for Sun Cluster.

I have the following on my workstation (although I don't think all are required to run ccp)
system SUNWccon Sun Cluster Console
system SUNWccp Sun Cluster Control Panel
system SUNWclmon Sun Cluster Monitor
system SUNWcsnmp Sun Cluster SNMP agent
system SUNWscch Sun Cluster Common Help Files
system SUNWscins Sun Cluster Installation Scripts
system SUNWscsdb Sun Cluster Serialports/Clusters Database

This is what I used in the past to change root password on 120 servers (I'll be glad when they add ssh support to it). Now we only have around 30 servers but it's still better than going to each one.

12

Hi RTM,

Is this something new that comes with SunCluster 3.0 ??
I only know this feature from E10k control. This is normaly installed on the SSP.
Don't know if you're mixing up, or if this realy is a new feature.

Regs David

13

My hosts are AIX one and i don't have SUN and don't know if this product is compatible.

Today i use a semi automatic script which "rlogin" to each host and i send manually "passwd" then passwords but it's quite boring .

thanks

christian

14

The one I used was on SunCluster 2.1 - if you put the cd in you can load the software (not all of it is needed but I don't remember which are and which are not) with no license needed (you can't run a cluster but can run the ccp program after setting up your /etc/clusters file).

I doubt this package is compatible with AIX (actually I know it's not). I would believe that it's possible to do this with any UNIX OS since it's more of a X-window thing than SUN thing. I tried messing around with it once (trying to get ssh to work with it) but it was beyond my patience and understanding.

15

Do you have ksh available?

16

Doing this install , you need "root" rights , i'm onlu user !!

christian

17

Yes i have "ksh"

christian

18

OK, when I have some time I'll experiment with ksh. I think I might be able to use a telnet coprocess to allocate the pty.

19

No money back guarantees on this one. But I tested it on both HP-UX and SunOS and it works for me.

#! /usr/bin/ksh

#  changepass --- change the user's password on a list of hosts
#  perderabo  9/23/03  Version 0.0
#
#  You will need to adjust HOSTLIST.  You may need to adjust DELAY
#  and all of section 2.
#


#
#  Section 0 --- Set stuff up

HOSTLIST="test1 test2"
DELAY=3
stty -echo
print -n Enter Old Password-
read OLDPASS
print 
print -n Enter New Password-
read NEWPASS
print
stty echo
USER=$(whoami)
exec 4>&1


#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 1 --- telnet to each and touch a file

for HOST in $HOSTLIST ; do
	telnet $HOST >&4 2>&4 |&
	sleep $DELAY
	print -p $USER
	sleep $DELAY
	print -p $OLDPASS
	sleep $DELAY
	print -p touch changepassdatafile.$HOST
	sleep $DELAY
	print -p exit
	wait
done

#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 2 --- Retrieve the files via ftp

ftp -nv >&4 2>&4 |&
for HOST in $HOSTLIST ; do
	print -p open $HOST
	print -p user $USER $OLDPASS
	print -p get changepassdatafile.${HOST}
	print -p close
done
print -p bye
wait

#
#  Section 1 --- Prove that we can talk with the hosts in HOSTLIST
#     Part 3 --- Inspect the retrieved files

errors=0
for HOST in $HOSTLIST ; do
	if [[ -f changepassdatafile.${HOST} ]] ; then
		echo $HOST was ok
		rm changepassdatafile.${HOST}
	else
		echo $HOST has a problem
		((errors=errors+1))
	fi
done
((errors)) && exit 1

#
#  Section 2 --- Change the passwords

for HOST in $HOSTLIST ; do
    telnet $HOST >&4 2>&4 |&
    sleep $DELAY
    print -p $USER
    sleep $DELAY
    print -p $OLDPASS
    sleep $DELAY
    print -p passwd
    sleep $DELAY
    print -p $OLDPASS
    sleep $DELAY
    print -p $NEWPASS
    sleep $DELAY
    print -p $NEWPASS
    sleep $DELAY
    print -p exit
    wait
done

#
#  Section 3 --- Verify that the passwords were changed
#     Part 1 --- Retrieve those files via ftp again

ftp -nv >&4 2>&4 |&
for HOST in $HOSTLIST ; do
    print -p open $HOST
    print -p user $USER $NEWPASS
    print -p get changepassdatafile.${HOST}
    print -p delete changepassdatafile.${HOST}
    print -p close
done
print -p bye
wait

#
#  Section 3 --- Verify that the passwords were changed
#     Part 2 --- Inspect the retrieved files

errors=0
for HOST in $HOSTLIST ; do
    if [[ -f changepassdatafile.${HOST} ]] ; then
        rm changepassdatafile.${HOST}
    else
        echo $HOST has a problem!
        ((errors=errors+1))
    fi
done
((errors)) && exit 1


exit 0
20

Thanks for your help ,

i will test this script as soon as possible and tell you in return !

christian