Robert J Lee
It's an challenge task the way i like it
. don't know the existence of such a software, none that fits your needs, so you'll must be on making your own scripting i think.
I suggest you 2 sides being one(or more) script in the your clients machines, executed by cron or something, with exec properly setted in sudoers file (once it will need root privileges) and one to prepare things for your support team.
There are quite a few users in the support team, and we would like to give each user their own login account. We also need a way to rotate passwords, preferably without having to log into each machine separately.
Ideally, a solution would allow us to rotate passwords as well, and keep UIDs the same across machines.
You have a lot of uid numbers wich isn't used in machines, some high ones like 1010, 1011, etc. this is a matter of creating such acconts in your client machines. your script would take care of rotating passwords once it's a matter of /etc/passwd file. Just create a new password, encrypt it and and change the file.
Here you have an example of script to create new user: http://www.cyberciti.biz/tips/howto-...-add-user.html
an here an example of changing it via network: http://www.unix.com/shell-programmin...html#post40791
There are several other reasons for wanting to do this: to limit what each person can do (using sudo) as well as to log who performed what operations on the machine. This logging already exists but just says that the administrator user did something, making it hard to know who to talk to when things go wrong.
This is a matter of configuring /etc/sudoers at your needs, including the option to "mail_always" flag at the same file. it's checked off as default, but changed to on, will mail you what users that perform sudo commands
So, my suggest is to put in a web server some king of encrypted file with data to your client side script, from time to time it checks the file in the web server and check it version, changed version updates clients machine with new passwords and what you need. The script for your support team will make this file and upload it to the server.
That's the whole idea, hope it helps.