CMS Password Resets 1

Stinney

Is there a way to create a user that can only access the system to do password resets?

- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.
 
Yes. But there may be a cost associated if you've not already completed CMS hardening through Avaya. The hardening tightens security on your system, i.e. password aging, login ID use limitations, removal of unnecessary services, etc.

In 2005, Avaya added our "Change Password" functionality as a main menu addition. We can create a login with permission only to that main menu addition to change passwords. This addition was part of our SOW for the hardening project and cost was included in the overall project.


If you always do what you always did, you'll always get what you always got! Anonymous
 
Sweet. Any idea what it cost to have Avaya set this up for you?

- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.
 
I'm not sure what the cost was for us. Sorry. You should contact your Avaya rep to get a quote based on any contracts you may have in place.

I believe standard fees for Professional Services are $150 per hour with a 2-hour minimum. It may take 2-4 hours for them to complete the provisioning of the app.

Best of luck!

If you always do what you always did, you'll always get what you always got! Anonymous
 

In the Solaris forum someone offered the following script to reset passwords only:


#!/usr/bin/ksh
## This script asks for a username and resets the password of the given user.

# Read one line into $response; quit on q/quit, fall back to $1 on empty input.
get_response()
{
    read -r response

    case x"$response" in
        xQuit|xquit|xQUIT|xq|xQ)
            exit ;;
        x)  response=$1
            export response ;;
    esac
}

# Refuse the request and end the session.
invalid_user()
{
    sleep 1
    print
    print "***********************"
    print " You may not maintain unix system accounts"
    print "***********************"
    print
    exit
}

while : ;
do
    print
    print
    print
    print -n " Enter the UNIX Account to reset or 'q' to quit: "
    get_response

    UXUSER=$response
    if [ "$UXUSER" = "" ]
    then
        print -n "You must enter a user to reset: "
        continue
    else
        # Accounts that may not be reset
        case "$UXUSER" in
            -*) invalid_user ;;   # passwd would read this as an option, not a login
            root) invalid_user ;;
            root2) invalid_user ;;
            cms) invalid_user ;;
            bin) invalid_user ;;
            sys) invalid_user ;;
            adm) invalid_user ;;
            lp) invalid_user ;;
            uucp) invalid_user ;;
            nuucp) invalid_user ;;
            listen) invalid_user ;;
            nobody) invalid_user ;;
            noaccess) invalid_user ;;
            nobody4) invalid_user ;;
        esac
    fi

    print -n "resetting password for $UXUSER : "
    print
    # Quoted so the typed value reaches passwd as exactly one argument
    /usr/bin/passwd "$UXUSER"
    /usr/bin/passwd -f "$UXUSER"
done
# end of script

I then created a user that had root permissions and changed their entry in the passwd file to set their shell to the path and file name of the script.

I've kicked the tires and it seems to work great. Every time I log in with the user I created I can only reset passwords to null. I can't reset passwords for the users that are listed in the script and invoke the invalid_user subroutine. If I try to do anything else while the script is running, try to CTRL-C or abort the process it logs me off.

Enjoy!


- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.
 
Fantastic!!

It's great to see another solution developed and working by someone other than "Big Brother".

Congratulations!

"If you always do what you always did, you'll always get what you always got!" Anonymous
 

Make sure to thank linnorm for posting this solution here: thread60-1422271

- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.
 

I've updated this password reset script to create log entries in a file called resetpw.log when it is used to reset a password.

The log will show an entry of the login that was reset, date and time it was done and the IP address or Machine Name of the computer that the user did the change from. If someone tries to change a login that's in the list of logins that are not allowed to change it will append the entry with "***".

So an entry of an allowed reset of the password for login jsmith done by username of resetpw would look like this:

jsmith 20080416 resetpw pts/74 Apr 16 11:15 (X.X.207.83)


An entry of a disallowed change would look like this:

***root 20080416 resetpw pts/74 Apr 16 11:15 (X.X.207.83)


Here's the revised script:

#!/usr/bin/ksh

# This script asks for a username and resets the password of the given user.

# Read one line into $response; quit on q/quit, fall back to $1 on empty input.
get_response()
{
    read -r response

    case x"$response" in
        xQuit|xquit|xQUIT|xq|xQ)
            exit ;;
        x)  response=$1
            export response ;;
    esac
}

# Refuse the request, log it with a "***" prefix, and end the session.
invalid_user()
{
    sleep 1
    print
    print "****************************************"
    print " You may not change this user's password"
    print "****************************************"
    print
    userip=`who am i`
    DAYRUN=`date +%Y%m%d`
    # $userip stays unquoted so the column padding from who collapses to single spaces
    echo "*** $UXUSER $DAYRUN" $userip >> resetpw.log
    exit
}

while : ;
do
    print
    print
    print
    print -n " Enter the CMS LOGIN Account to reset or 'q' to quit: "
    get_response
    UXUSER=$response
    if [ "$UXUSER" = "" ]
    then
        print
        print
        print "****************************"
        print "Please enter a user to reset: "
        print "****************************"
        print
        print
        continue
    else
        # Users listed in this case list are not allowed to be reset
        case "$UXUSER" in
            -*) invalid_user ;;   # passwd would read this as an option, not a login
            root) invalid_user ;;
            bin) invalid_user ;;
            sys) invalid_user ;;
            adm) invalid_user ;;
            lp) invalid_user ;;
            uucp) invalid_user ;;
            nuucp) invalid_user ;;
            listen) invalid_user ;;
            nobody) invalid_user ;;
            noaccess) invalid_user ;;
            nobody4) invalid_user ;;
        esac
    fi

    sleep 2
    print
    print "*********************************"
    print "Resetting password for $UXUSER : "
    print "*********************************"
    print
    sleep 2
    userip=`who am i`
    DAYRUN=`date +%Y%m%d`
    echo "$UXUSER $DAYRUN" $userip >> resetpw.log
    # Quoted so the typed value reaches passwd as exactly one argument
    /usr/bin/passwd -d -f "$UXUSER"
    sleep 2
done



- Stinney

Favorite all too common vendor responses: "We've never seen this issue before." AND "No one's ever wanted to use it like that before.
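
A rule-based version of the "not allowed" check used in the scripts above, as an added example that is not part of the original posts: it validates the typed name and decides by UID range, so accounts missing from a name list (a second UID 0 login, daemon) are refused too. The function names, PASSWD_FILE, the MIN_UID/MAX_UID bounds and the sample accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example: rule-based check of a typed login name before a reset.
# PASSWD_FILE, MIN_UID and MAX_UID are assumptions, not values from the thread.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
MIN_UID=${MIN_UID:-100}      # below this: system accounts
MAX_UID=${MAX_UID:-60000}    # above this: nobody/noaccess style accounts

# Print the UID of login $1 from PASSWD_FILE (exact match on field 1).
lookup_uid() {
    while IFS=: read -r u pw id rest; do
        if [ "$u" = "$1" ]; then echo "$id"; return 0; fi
    done < "$PASSWD_FILE"
    return 1
}

# Print "ok" and return 0 if $1 may be reset, else print the reason, return 1.
may_reset() {
    case $1 in
        # Empty, leading "-" (would be read as a passwd option), or any
        # character outside a plain login name, including spaces.
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad-name"; return 1 ;;
    esac
    uid=$(lookup_uid "$1") || { echo "no-such-user"; return 1; }
    case $uid in
        ''|*[!0-9]*) echo "bad-uid"; return 1 ;;
    esac
    # Allow by UID range rather than by a list of forbidden names.
    if [ "$uid" -lt "$MIN_UID" ] || [ "$uid" -gt "$MAX_UID" ]; then
        echo "system-account"; return 1
    fi
    echo "ok"
}

# Constructed sample in passwd format, for trying the check offline.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
root2:x:0:1:constructed second UID 0 login:/:/sbin/sh
daemon:x:1:1::/:
nobody:x:60001:60001:constructed:/:
jsmith:x:1001:100:constructed user:/export/home/jsmith:/usr/bin/ksh
EOF
}
```

In a reset script of this shape, the call would go right after the name is read, with passwd run only when may_reset prints ok and the printed reason written to the log otherwise.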
 