SUMMARY Automating account addition. II

From: julian.rogan <Julian.Rogan_at_Unilever.com>
Date: Fri, 24 Mar 2000 08:39:52 +0000

Sorry there was a typo in the u_lock@ parameter.


Many thanks to all who responded.

There were many ideas here. I am sure they would all work. I was rooting around
before I got some of the replies and found I could create the password with
'useradd'. Then use edauth -g account to dump the entry to a file.
Modify that file by adding the 'u_pwd=GyRb26u5TWkxQ' to give me the default
'welcome' password.
I was not sure how to unlock or expire the password immediately but after some
more rooting I found the u_lock@ keyword.
So I added that and the account was unlocked and expired.


I will add what I did finally at the end of the summary.

Larye Parkins suggested adding the u_psw_change_reqd value set to True to
unlock and expire the password. I will try that as well.

Thanks a lot to all who replied. I will append all the replies to the end.

Julian


o- Decide what your default password is going to be:

  -default_passwd-----------------------------------------------
  #!/usr/local/bin/perl
  $password = "whatever";
  $salt = pack("CC",valid_salt_char(),valid_salt_char());
  $crypt_passwd = crypt($password,$salt);
  print "$crypt_passwd";
  # valid_salt_char() was not posted; stand-in: code of a random char from [./0-9A-Za-z]
  sub valid_salt_char { my @c = ('.', '/', 0..9, 'A'..'Z', 'a'..'z'); return ord($c[rand @c]); }
  ------------------------------------------------------------------
o- paste the default password in your password file.
   For example:
   echo "$uname:`default_passwd`:$uid:$gid:$name:$home:$sh">>path/to/your/passwd/file

 Let me know if you are interested in the "valid_salt_char fx".

-- Alan Angulo

======================================

Julian,
        I downloaded TCL/Tk to use the "expect" command to do just that, but
you'll find it does so much more. It allows you to automate running
interactive commands such as password. In fact I've long since deleted the
examples but I think one of the examples was for automating the passwd
command. Either way you can start "autoexpect", run your password command,
then type exit and autoexpect writes your script for you.

Jim Fitzmaurice

===========================================

Hi Julian.
I do it in a bit difficult way, but it works.
I have added a user (I call her pw-proto) with no shell and a "default"
password. Then I modified the adduser script to get the "default"
password and use that instead.
In my script it is:
PASSWD=`grep proto_pw /etc/passwd | cut -d: -f2`
echo "${USER}:${PASSWD}:${UID}:${LOGGID}:${NAME}:${PARENT}/${USER}:${LSHELL}" >> /etc/passwd
(there should not be any wrap here)

Good luck
Agust Karlsson

================================================

The easiest way I can think of is to set the password to what you want on a
dummy account and then copy that encrypted string into the passwd file in
the password field for the new accounts.

Roger Leonard

=================================================

You can use crypt() (3) to generate the encryption string and install it
in the authorization database with edauth or usermod. We use this
method for an automated user account creation system, where the
prospective user is authenticated with a student ID and PIN and then
selects her own password for the system.

A bit simpler method for scripts, especially if you are doing batch
account creation, is to use Expect scripts to feed the password to the
passwd command inside the script. Expect requires Tcl/TK: a specific
version of Expect will only work with a specific version of Tcl/TK, so
you need to get the sources for Expect and then get Tcl/TK to match.
The Expect package also comes with a sample random password generator so
you can generate unique system assigned passwords for accounts and print
them for distribution to users. Both Expect and Tcl/TK are available in
Open Source versions.

Larye D. Parkins

> I was planning to use edauth -g to dump the account entry then use awk to add
> the default password and then cat the
> dumped file back using edauth -s.
> This seems to work, however I would also need to be able to expire the password
> immediately thus forcing the user to change default password at initial login.
> Any ideas?
> Julian
>
man prpasswd

gives a description of the fields you can insert into the authcap
database. The u_psw_change_reqd value set to True will require a
password change at next login without locking the account. I'm not sure
it resets automatically, not having tried it, but it should.

The Enhanced Security system is one of those areas where Tru64 is not
anything like HP-UX or Solaris (my immediate prior experience), so it
bears some study. I used sed scripts with "edauth -g ... | sed -e '...'
| edauth -s" rather than awk, because not all users have the same number
or order of fields, depending on the policies in force at the time their
accounts were created or account changes since. For instance, most of
the boolean fields are optional and take the "False" value if not
present. If the system was built before Tru64 4.0D, the databases were
converted from the previous form. If you are merely setting values
without reading the old values, usermod is the safest, since you just
use keyword=value pairs as arguments to the -x option and the system
inserts or edits the database as it sees fit. Or, use edauth -g to read
and associative arrays in awk or perl and call usermod to change or add
specific fields based on array values.

-
> Larye D. Parkins,
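
The "edauth -g ... | sed -e '...' | edauth -s" approach described above, as an added example that is not part of the original thread: a sed filter that sets a field wherever (and whether or not) it already appears in the entry. It assumes one entry per line ending in ":chkent:", a bare name for boolean true and "name@" for false; the function names, sample entries and hash are constructed for illustration.

```shell
#!/bin/sh
# Added example: edit authcap-style entries with sed, independent of field order.
# Assumptions: one entry per line, fields separated by ':', entry ends ':chkent:'.

# set_authcap_field NAME SUFFIX  (entry on stdin, edited entry on stdout)
#   SUFFIX '=text' string, '#n' number, '' boolean true, '@' boolean false
set_authcap_field() {
    name=$1
    # Escape characters special in a sed replacement (and our '|' delimiter).
    esc=$(printf '%s' "$2" | sed 's/[\\&|]/\\&/g')
    # Drop the field in whatever form it already has, then add it before chkent.
    sed -e "s|:${name}=[^:]*:|:|" \
        -e "s|:${name}#[^:]*:|:|" \
        -e "s|:${name}@:|:|" \
        -e "s|:${name}:|:|" \
        -e "s|:chkent:|:${name}${esc}:chkent:|"
}

# provision_entry HASH: default password set, account unlocked, change forced.
provision_entry() {
    set_authcap_field u_pwd "=$1" |
        set_authcap_field u_lock '@' |
        set_authcap_field u_psw_change_reqd ''
}

# Constructed sample entries (not real edauth output); the hash is a placeholder.
HASH='ab/CONSTRUCTED.'
ENTRY_A='jdoe:u_name=jdoe:u_id#1001:u_pwd=OLDHASH:u_lock:chkent:'
ENTRY_B='asmith:u_name=asmith:u_lock@:u_id#1002:chkent:'

printf '%s\n' "$ENTRY_A" "$ENTRY_B" | provision_entry "$HASH"
# On the real system the pipeline from the thread would be:
#   edauth -g ... | provision_entry "$HASH" | edauth -s
```

Because the hash is expanded into sed's arguments, it is briefly visible in the process list to other local users while the script runs.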
Received on Fri Mar 24 2000 - 08:40:42 NZST
