LinuxQuestions.org - Changing root passwords on multiple servers

Hello all,

I am new to the forums so if this post is i the wrong location I apologize. Similarly, if this has been discussed before, please let me know.

Here it goes...

I am working in an environment containing multiple RHEL platforms all of which are in "WORKGROUPS" for lack of a better term. :) In other words, directory services and LDAP have not been implemented (yet) and will not be for quite some time. Quite simply LDAP or NIS is not an option.

With the always growing environment, we are getting to a point where user management alone is becoming a nuissance mostly due to the fact that security measures have been implemented which require users to change their passwords every 45 days. This even includes system accounts including root.

While the root password never expires, it still has to be changed every 45 days and across hundreds of servers, which can get tedious. I am needing some kind of way to:

1. Generate multiple passwords for each server following the necessary standards (8 char, no repeating chars, etc.)
2. Use the generated passwords and put them out on each server
3. Somehow document those passwords (in the most secure way possible) so that they may be placed on an encrypted web page used as a repository.

If anyone has any experience in dealing with this, please let me know. One thing to consider, I have a service account with RSA keys swapped on all servers in the environment with sudo implemented. It has come in handy in the past for automation across all the boxes in the past. For example, I can remotely execute commands, without having to supply a password on all the servers.

In advance, I appreciate the help.