changing passwd on unix servers:

[opvk]

Hello I am working on a perl prg to change passwd on several servers at one time. I am new to perl and this is my first program, been trying to get to work this one out. Can some one tell me what is worng or actually help me out?)

This one ask the user for the remote login, remote old_passwd and the new_passwd and change it in all the unix boxes. When ever I try to run it gives me an error saying time out (at the cmd(passwd))line. Anyways here is the code:



use strict;
use IO::File;
use DBI;
use Net::Telnet;

# set the required variables

my (@list,$server_list,$count);
my ($old_passwd,$new_passwd,$remote_login);
my ($DB_server,$DB_user,$DB_passwd,$telnet,$output);

# Get the required login and passwords

print "Enter the remote login :\n";
$remote_login = <>;
print "Enter the old password :\n";
$old_passwd = <>;
print "Enter the new password (Remember it should differ atleast in 3 CHAR than the old pas
swd) :\n";
$new_passwd = <>;

# Compare the Old and new password, if same exit
# else open the list and for each server on the list
# enter the remote_login and the old_passwd to login to the box and use the new_passwd to c
hange it

if ("$old_passwd" eq "$new_passwd")
{
print "Old and new password are same \n";
exit;
}
else
{
open(server_list,".servers") || die "couldn't open the file!\n";
@list = <server_list>;
$count = 0;
foreach $DB_server(@list){
$telnet = new Net::Telnet (Timeout =>10,
Errmode => 'die');
$telnet->open('dba1-sun');
$telnet->login("$remote_login","$old_passwd");
$telnet->cmd('passwd');
#$telnet->waitfor ('/\$ $/i');
$telnet->waitfor('/Enter existing login password: $/i');
$telnet->print("$old_passwd");
$telnet->waitfor('/New Password: $/i');
$telnet->print("$new_passwd");
$telnet->waitfor ('/Re-enter new Password: $/i');
$telnet->print("$new_passwd");
$output = $telnet->waitfor('/\$ $/i');
print $output;
$count++;
}
close(server_list);
}




Winners don't do different things
They do things differently

 

[PaulTEG]

try a \n at the end of your printed string or \r\n on windows.

Telnet is insecure though as it's clear text.

http://search.cpan.org/~rgiersig/Expect-1.20/Expect.pod

and SSH would be more secure.

Just a thought
--Paul




Paul
------------------------------------
Spend an hour a week on CPAN, helps cure all known programming ailments ;-)

 

[Xaqte]

I agree with Paul, ssh is the way to go... especially when changing passwords.

With ssh you can use a key to login without a password!

Windows
Linux

I'm not going to say it will be easy, but I suggest trying it out and report back with any probs!

Let us know your results!

X

 

[opvk]

Well the problem is that our sun machines does not support ssh! or in other words we do not have ssh installed in any m/c.

Winners don't do different things
They do things differently

 

[opvk]

Well I change the script by adding chomp where ever I get an input and it works till the point
$telnet->cmd('passwd');

and at this point I get an error saying:
command timed-out at testpasswd.pl line 59

Could some one point me how to execute the passwd command on the remote server?


Winners don't do different things
They do things differently

 

[PaulTEG]

It's waiting for input, did you terminate the string with the appropriate line ending ...

--Paul

Paul
------------------------------------
Spend an hour a week on CPAN, helps cure all known programming ailments ;-)

 

[opvk]

Do you mean with a "\n" ?
here is my new code. I did chomp the datas that the user enters.

open(server_list,".servers") || die "couldn't open the file!\n";
@list = <server_list>;
chomp(@list);
$count = 0;
foreach $DB_server(@list){
print "server is $DB_server \n";
$telnet = new Net::Telnet (Timeout =>10,
Errmode => 'die');
$telnet->open("$DB_server");
$telnet->waitfor('/login: $/i');
$telnet->print("$remote_login");
$telnet->waitfor('/password: $/i');
$telnet->print("$old_passwd");
$telnet->cmd('passwd');
$telnet->waitfor('/Enter existing login password: $/i');
$telnet->print("$old_passwd\n");
$telnet->waitfor('/New Password: $/i');
$telnet->print("$new_passwd\n");
$telnet->waitfor ('/Re-enter new Password: $/i');
$telnet->print("$new_passwd\n");
$output = $telnet->waitfor('/\$ $/i');
print $output;
$count++;
}
close(server_list);
}


Winners don't do different things
They do things differently

 

[MikeLacey]

As I recall the passwd program doesn't read stdin, it reads direcly from /dev/tty so as to block this kind of use of the program (which, if you think about it, is how you'd try and crack a password)

In the past I've gotten around this by using the crypt() function, not for ages though and it involved writing directly to the /etc/passwd file which is not something I'd like to encourage really.

Mike

I am not inscrutable.

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 

[opvk]

Forgive my ignorance Mike, I am new to Perl.
I thought using crypt( ) would be to directly mess with passwd file with out the need of login and current pass word. Do I still need to use the crypt if I do a telnet knowing the current login and password?.

With a little bit development in the program when I did
$telnet->print ('passwd'); instead of $telnet->cmd('passwd');
It prints out an error saying pattern match timed-out at xxx.pl line 61 which is :
$telnet->waitfor('/Enter existing login password:/');

I am working in Ksh and if I could pass similar statements before like waitfor('/login: $/i'); could someone tell me what could be wrong?

Or is this something that could be done using crytp alone?

Thank you,
Vishnu

In the program I have passed the


Winners don't do different things
They do things differently

 

[MikeLacey]

Hi Vishnu,

Quite so, using the Perl's crypt() funtion will mean modifying the /etc/passwd file directly - and it's for this reason it wouldn't be my first choice nowadays.

Mike

I am not inscrutable.

Want great answers to your Tek-Tips questions? Have a look at faq219-2884