Summary: setting user passwords without having root password

From: Martin Spohn (spohn@mailserv.zdv.uni-tuebingen.de)
Date: Wed Sep 09 1992 - 15:39:09 CDT


Dear all,

last Friday I asked some questions about setting user passwords:

> Can somebody please help me to solve the following problems
> on Sparcstations with SunOS 4.1 and 4.1.1:
>
> 1. Our user administrator should be able to change passwords for all
> users with UID say greater than 100. However he should not know the
> root password.
>
> 2. We want to set some constraints on the election of passwords, e.g.
>
> - 6 characters minimum
> - at least two alphabetic characters
> - at least one character must be numeric or a special character
> - the user should be forced to set a new password at first login
> and then after regular intervals
>
> 3. The establishment of a new user account should be automated.
> How can I manage that the initial password is read from a file
> and not from the terminal?

I got 12 answers from

blymn@baobab.awadi.com.AU (Brett Lymn)
svend.back@Germany.Sun.COM (Svend Back)
ari.ronkainen@vtt.fi (Ari Ronkainen - VTT/ELE)
A.J.C.Blyth@newcastle.ac.uk (Andrew Blyth)
David Lee <T.D.Lee@durham.ac.uk>
mlg@cstp.umkc.edu (Meg Grice)
rwolf@dretor.dciem.dnd.ca (Robert J Wolf)
era@niwot.scd.ucar.EDU (Ed Arnold)
macphed@dvinci.usask.ca (Ian MacPhedran)
Daneel Pang <daneel@Trantor.DSO.gov.SG>
Perry_Hutchison.Portland@xerox.com
ups!kevin@fourx.Aus.Sun.COM (Kevin Sheehan {Consulting Poster Child})

Many thanks for your hints!

And here is the summary:

There are some packages available that should do (part of) the job:

npasswd from ftp.cc.utexas.edu in pub/npasswd/npasswd.tar.Z

passwd+ from dartmouth.edu in pub/security/passwd+.tar.Z

expect from e.g. cac.washington.edu in local/bin.sparc
                 cs.dal.ca in pub/comp.archives
                 svin01.win.tue.nl in pub/programming

crack from cert.org in pub/tools/crack/crack_4.1.tar.Z

cops from cert.org in pub/tools/cops/1.04/cops_104.tar.Z

Sunshield a.k.a ARM from ???

The Obvious Password Detector (OPD), from comp.sources.unix, nov 88. from ???

The OPUS Project passwd program, discussed in proceedings of the 14th
Natl Computer Security Conference (Oct 91) from ???

su2 from ???

sudo from ???

And I got a nice hack from Svend Back showing how to read passwords from
variables or files when using /bin/passwd:

----------- begin chpasswd -----
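#!/bin/sh
# usage: chpasswd user passwd
# Change a passwd without user intervention
# Must run as root: it renames /dev/tty and rewrites /etc/passwd.
# Caveat: the password is in the argument list (visible to ps) and is echoed below.
user=$1
passwd=$2
if [ "X$2" = X -o "X$1" = X ]
then
        echo "usage: $0 user passwd"
        exit 1
fi
# On any exit, put the real /dev/tty back and remove the working copy
trap "mv /dev/tty- /dev/tty; rm /etc/passwd.$$; exit" 0 1 2 3
# The trick is to move /dev/tty away and simulate input
mv /dev/tty /dev/tty-
# passwd now reads this regular file in place of the terminal
echo "$passwd" > /dev/tty
cp /etc/passwd /etc/passwd.$$
echo "change passwd for [$user] to [$passwd]"
passwd -F /etc/passwd.$$ "$user"
cp /etc/passwd.$$ /etc/passwd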
-------- end chpasswd -----

Thanks again for all your help

Martin Spohn
Zentrum fuer Datenverarbeitung Telefon: +49 7071 296970
Abteilung Netze E-Mail:
Universitaet Tuebingen SMTP: spohn@mailserv.zdv.uni-tuebingen.de
Brunnenstrasse 27 X.400: C=de;A=dbp;P=uni-tuebingen;OU=zdv;S=spohn
D-7400 Tuebingen
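
The rules from questions 1 to 3 above can be checked before any password tool is run; the following script is an added example, not part of the original post or of any package listed in it. It reads `user:password` lines from a file rather than from the command line, refuses accounts with UID 100 or lower, and applies the three character rules; the function names, sample accounts and messages are assumptions, and password aging is not covered.

```shell
#!/bin/sh
# Added example, not from the original post: vets password requests, changes nothing.
MIN_UID=100   # item 1: only accounts with a UID greater than this may be touched

# check_policy PASSWORD: prints "ok" or the first rule of item 2 that fails
check_policy() {
    pw=$1
    [ "${#pw}" -ge 6 ] || { echo "shorter than 6 characters"; return 1; }
    letters=$(printf '%s' "$pw" | tr -cd 'A-Za-z')
    [ "${#letters}" -ge 2 ] || { echo "fewer than 2 alphabetic characters"; return 1; }
    others=$(printf '%s' "$pw" | tr -d 'A-Za-z')
    [ -n "$others" ] || { echo "no numeric or special character"; return 1; }
    echo "ok"
}

# uid_of USER PASSWD_FILE: prints the UID field, or nothing for an unknown user
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2"
}

# review_requests REQUEST_FILE PASSWD_FILE: one verdict per "user:password" line
# (item 3: input comes from a file). The password itself is never printed.
review_requests() {
    while IFS=: read -r user pw; do
        [ -n "$user" ] || continue
        uid=$(uid_of "$user" "$2")
        if [ -z "$uid" ]; then echo "$user: unknown user"
        elif [ "$uid" -le "$MIN_UID" ]; then echo "$user: refused, UID $uid is protected"
        elif reason=$(check_policy "$pw"); then echo "$user: accepted"
        else echo "$user: rejected, $reason"
        fi
    done < "$1"
}

# demo: runs the review over constructed sample data in a private temp directory
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:*:0:1::/:/bin/sh' 'alice:*:201:20::/home/alice:/bin/sh' \
        'bob:*:202:20::/home/bob:/bin/sh' > "$dir/passwd"
    printf '%s\n' 'root:Secret#1' 'alice:tr1ck:y' 'bob:abcdefgh' \
        'carol:Secret#1' > "$dir/requests"
    review_requests "$dir/requests" "$dir/passwd"
    rm -rf "$dir"
}
demo
```
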


