passwd - procedure to bypass the prompt to confirm a new passwd

[BRIANH]

I have a  requirement to change both the root passwd and my own passwd once every 30 days. I'd like to automate the process but can't seem to find a workaround for the confirmation prompt.

Ideally I'd like to create a script which would contain the new passwd and provide a means to send the confirmation to passwd without the prompt being sent to the screen..

Has anyone seen / done this?  I am using Novell SUSE Linux but I'm guessing that the passwd command works the same for all flavors of Linux..

[mroilfield]

Why do you have a requirement to change your password every 30 days?

[BRIANH]

company policy

[Carbon Dudeoxide]

Write a script to input the new password? Why not just give everyone your password?

[mroilfield]

Why not ask your company IT department for the needed script.

Unless of course you know they will not allow you to do it. This also means that the fine people here can't help you with it either as we do not help to circumvent security policies.

[BRIANH]

I just posed a question. I'm responsible for the servers and I'm still feeling my way around in Linux. What I don't need is a lecture on procedures, allowing my passsword to be given freely to everyone or anything else.

This forum is supposed to be a facility to pass along ideas and solutions which may be appropriate to a user; user responsiblity. Not a moral high ground or ethics 101.

thanks for the help...

[BC_Programmer]

it's not about ethics or a moral high ground- it's about legal liability of CH and it's members and the avoidance thereof.

IF the linux terminal/shell is not allowing you to pipe any "forced" input into passwd, it may have been designed that way.

[anthonyf]

You should probably look into the 'expect' programming language. It can be downloaded for free for any UNIX/Linux variant and is often installed by default. It was designed for automating things that were designed to be run interactively, and the 'passwd' program certainly falls into that category. If you get 'autoexpect', it will do most of the work of writing the script for you.

That being said, I have to agree that what you are trying to do would probably not make the admin happy.

[Dias de verano]

What I don't need is a lecture on procedures, [...] This forum is supposed to be a facility to pass along ideas and solutions which may be appropriate to a user; user responsiblity. Not a moral high ground or ethics 101.

The remarks quoted above are like a red rag to a bull where I am concerned! BRIANH, this thread is on a web forum that anybody in the world may read. ComputerHope aims (I use the word advisedly) to be a responsible forum. Its readership includes a large number of impressionable schoolkids and novices. We don't advise how to bypass security procedures. I don't think we should advise how to deliberately sloppify them either.

[Carbon Dudeoxide]

You mean 'Had'. Topic dates.

[ghostdog74]

I just posed a question. I'm responsible for the servers

if you want to use passwd, hint: you can use the --stdin option. check your passwd man page.
If you are the administrator, su to root, then execute passwd, or even usermod -p .. you shouldn't be prompted for a confirmation.

[BC_Programmer]

Ahh, there we go! there is a way to get standard input into the passwd program.

[banjo67xxx]

If you only have to change your password on a single computer every 30 days then the hassle of writing a script would be more trouble than its worth, so I assume you want to change the password on many linux systems. Is that so?

You can change the password once on one system, then get the encrypted password from /etc/shadow. Then just use sed to edit the shadow file on all the other systems from a script.

Alternatively, configure all your linux systems to be part of a NIS domain, making one a NIS
master and a couple of others NIS slaves, then just change your password once.

Finally, I see there's some stuff on using LDAP with linux, so you could probably have one password for Linux and Windows like NIS, but I've never used LDAP so I might be wrong on that point.

[Dias de verano]

banjo, no point in awakening a 6 week old thread.