Change account passwd in one command
Hey everyone
is it possible to change an account password without having to type it in twice like the 'passwd' command does?(ie verify) I checked the man pages for passwd but doesnt seem to have an option to do so. |
Hi.
Try: Code:
echo n3wP4ssW0rd | passwd --stdin christopher_c |
Caution: not all versions of passwd understand the --stdin. The one
in Slackware (from shadow-4.0.3-i486-14) doesn't. Neither does the one in SLES, nor the one in Solaris 8 or 10... Which version of Linux *DOES*? :} Cheers, Tink |
Only the above method isn't too safe, because you type the password in clear-text, and secondly because it's pretty surely saved into command history of your shell. You can always remove the history file, but I still don't recommend typing passwords in clear-text.
|
Hmmm.
RedHat/Fedora's understands --stdin , but only allows it for root (so the security hazard from shell histories is somewhat lessened). Another RedHatism, it would appear. I thought these sorts of differences went away a long time ago too... An alternative (assuming you don't care about the afore mentioned shell history / ps listing issue) is to do Code:
echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c |
this is one of those things that's nice to know, but not a good idea to actually DO....If you are "very clever", you can make it easy to make a typo in your password and then get locked out of your system.
It strikes me that the solution being discussed will take more time to type than simply entering the password twice. |
Think large scale deployment.
Code:
for go in `cat bigListOfServersWithPasswordlessSSHKeys`; do ssh $go "echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c"; done Dave |
I appreciate that LDAP or NIS/NIS+ may not be an option for everyone or every
account, so the brute distribution of passwords can make sense. Why not change the password on one machine and then sed it with the method above in the shadow files on the target machines? ;} Cheers, Tink |
I like the way you think.
There'd have to be some jiggery-pokery with the password expire times too though. Also, a mix of AIX, Sol8,9,10 and Linux would make it a bit more horrific. ;) Dave |
Quote:
somewhat different incantation ... Cheers, Tink (inherently lazy - slacker for life) |
Kubuntu 7.04 doesn't recognise --stdin.
|
Try the expect tool, it's designed to handle ie automate issues like this
|
All times are GMT -5. The time now is 10:36 AM. |