From: Gold Sun (goldsun8@yahoo.com.sg)
Date: Mon May 30 2005 - 20:26:08 EDT
Hi,
We have hardened Solaris boxes where administrators do
not need to know the root password (as we just do 'sudo -s').
It's the policy here that all passwords including root's must
expire every 3 months but this created a problem to an
application that would fail if the root password expires.
I have an idea/solution that the security person is agreeable :
"set up a script in crontab which runs every 90 days to
change the password to a randomly generated password"
I've obtained a standalone tool from a TACACS application
that would generate a different hashed password each time
it's run even though the same fixed string(contained in the
file input.txt) is input into it :
./generate_pass < input.txt
Password to be encrypted: J58rSyCjtnUhQ
./generate_pass < input.txt
Password to be encrypted: 2ZwWQZxHplNA.
The problem I'm facing is how to feed the encrypted password
into the "passwd root" command if someone could help me
with some Shell scripting here :
a)"passwd root" command will prompt for password twice
- so how can we feed the encrypted string into
"passwd root"
b)note that we should not run generate_pass twice as it
will create a different password - we need to enter the
same password twice (2nd time is confirmation)
Thanks for any help
G Sun
Yahoo! Mobile
- Download the latest ringtones, games, and more!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:46 EDT