Change account passwd in one command

christopher_c · 10-18-2007, 02:00 PM

Hey everyone

is it possible to change an account password without having to type it in twice like the 'passwd' command does?(ie verify)

I checked the man pages for passwd but doesnt seem to have an option to do so.

ilikejam · 10-18-2007, 02:40 PM

Hi.

Try:

Code:

echo n3wP4ssW0rd | passwd --stdin christopher_c

Dave

Tinkster · 10-18-2007, 02:55 PM

Caution: not all versions of passwd understand the --stdin. The one
in Slackware (from shadow-4.0.3-i486-14) doesn't. Neither does the one
in SLES, nor the one in Solaris 8 or 10...

Which version of Linux *DOES*? :}

Cheers,
Tink

b0uncer · 10-18-2007, 02:57 PM

Only the above method isn't too safe, because you type the password in clear-text, and secondly because it's pretty surely saved into command history of your shell. You can always remove the history file, but I still don't recommend typing passwords in clear-text.

ilikejam · 10-18-2007, 03:00 PM

Hmmm.

RedHat/Fedora's understands --stdin , but only allows it for root (so the security hazard from shell histories is somewhat lessened).

Another RedHatism, it would appear. I thought these sorts of differences went away a long time ago too...

An alternative (assuming you don't care about the afore mentioned shell history / ps listing issue) is to do

Code:

echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c

Dave

pixellany · 10-18-2007, 03:47 PM

this is one of those things that's nice to know, but not a good idea to actually DO....If you are "very clever", you can make it easy to make a typo in your password and then get locked out of your system.

It strikes me that the solution being discussed will take more time to type than simply entering the password twice.

ilikejam · 10-18-2007, 03:51 PM

Think large scale deployment.

Code:

for go in `cat bigListOfServersWithPasswordlessSSHKeys`; do ssh $go "echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c"; done

I wish we were able to do this sort of thing from a secured box at work. It would save me ~3 hours repetative strain injury time a month.

Dave

Tinkster · 10-18-2007, 04:10 PM

I appreciate that LDAP or NIS/NIS+ may not be an option for everyone or every
account, so the brute distribution of passwords can make sense.

Why not change the password on one machine and then sed it with the method above
in the shadow files on the target machines? ;}

Cheers,
Tink

ilikejam · 10-18-2007, 04:17 PM

I like the way you think.

There'd have to be some jiggery-pokery with the password expire times too though. Also, a mix of AIX, Sol8,9,10 and Linux would make it a bit more horrific.

Dave

Tinkster · 10-18-2007, 04:21 PM

Quote:

Originally Posted by ilikejam

I like the way you think.

There'd have to be some jiggery-pokery with the password expire times too though. Also, a mix of AIX, Sol8,9,10 and Linux would make it a bit more horrific. ;)

Dave

Heh. That's three loops, then, one for each OS-type ;} with a
somewhat different incantation ...

Cheers,
Tink (inherently lazy - slacker for life)

matthewg42 · 10-18-2007, 04:46 PM

Kubuntu 7.04 doesn't recognise --stdin.

chrism01 · 10-19-2007, 01:26 AM

Try the expect tool, it's designed to handle ie automate issues like this