Sun Gurus,
Looks like I wasn't alone in this one...I got a lot of help and a lot of
"me too's" on this subject. I ended up using all scripts in my efforts,
some of which were donated and some of which I wrote. I didn't mention this
earlier but I am working on a machine running Solaris 2.3 so the scripts
are specific to that version of the OS. However, all I use are the useradd
and password programs that come with Solaris to create the user account, his/
her home directory and his/her password entry. I use username for the
comment field (Full Name) and generate a random password with the perl script.
So, you don't absolutely need the perl script if you don't want to do random
passwords. There is a short explanation before each script.
The scripts used include:
csh (standard UNIX script)
perl (not sure where to find this anymore...use archie)
tcl (ftp://ftp.cs.berkeley.edu/ucb/tcl/tcl7.3.tar.Z)
(tk is also at the above site)
expect (ftp://ftp.cme.nist.gov/pub/expect/expect.tar.Z)
Tcl and expect compile virtually "out of the box" (I had to change my
compiler from cc to gcc for tcl). But perl takes a little work..below
are a few hints that John McHugh posted to the list late last month for
compiling PERL on Solaris 2.3.
1. Take "/usr/ucb" out of your PATH.
2. Do not use any BSD/UCB libraries.
3. Only -lsocket, -lnsl and -lm are needed. (There is apparently
a problem with -lmalloc also.)
4. Do not use "-I/usr/ucbinclude".
5. Do not use vfork.
6. Hints for Solaris 2.0 are actually better than 2.1 .
7. If you use cc, do not use the -O flag on util.c/tutil.c .
As always this code is submitted for your use without warranty of any kind
blah, blah, blah...you know the drill...USE AT YOUR OWN RISK!
And here are the scripts...
This first script is called pwgen and is a perl script given to me by Jim McLean-Lipinski
Network Administrator, Vermont Dept. of Public Safety. The script originally allowed
for colons (:), commas (,), etc as well, but I decided to take that part out and everything
still works ok.
---------------------------------pwgen-----------------------------------------
#!/usr/local/bin/perl
# Build arrays of characters to be used
@P1=('a','e','i','o','u','y','A','E','I','O','U','Y');
@P2=('b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','z','B','C','D','F','G','H','J','K','L','M','N','P','Q','R','S','T','V','W','X','Z');
@P3=('1','2','3','4','5','6','7','8','9','0');
# Randomly shuffle arrays
srand(time()%$$);
srand(int(time()/$$)/rand($$/rand($$)));
for ($i = 1; $i<rand(100)+10; $i++){
    srand(time()%$$);
    srand(int(time()/$$)/rand($$/rand($$)));
    local (@TEMPORARY1);
    push(@TEMPORARY1, splice(@P1, rand(@P1), 1))
        while @P1;
    @P1 = @TEMPORARY1;
    srand(time()%$$);
    srand(int(time()/$$)/rand($$/rand($$)));
    local (@TEMPORARY2);
    push(@TEMPORARY2, splice(@P2, rand(@P2), 1))
        while @P2;
    @P2 = @TEMPORARY2;
    srand(time()%$$);
    srand(int(time()/$$)/rand($$/rand($$)));
    local (@TEMPORARY3);
    push(@TEMPORARY3, splice(@P3, rand(@P3), 1))
        while @P3;
    @P3 = @TEMPORARY3;
}
@TMPL=('21232121','21213212','21232123','21212121','21212312','21321321');
# Select template
srand(time()%$$);
srand(int(time()/$$)/rand($$/rand($$)));
$TMPLLEN=@TMPL;    # number of templates, so the last one can be picked too
$TEMPLATE=$TMPL[int(rand($TMPLLEN))];
# Convert TEMPLATE to an array
$MAX=length($TEMPLATE);
for ($i = 0; $i < $MAX; $i++){
    $TMPLT[$i]=substr($TEMPLATE,$i,1);
}
# Build Password template
for ($i=0; $i < $MAX; $i++){
    $POS=$TMPLT[$i];
    $ARRAY2USE="\$P$POS";
    $PWTMPL[$i]=$ARRAY2USE;
}
# Build password from password template
# ($ALEN is the element count, so rand($ALEN) covers every index)
for ($i = 0; $i < $MAX; $i++){
    if ($TMPLT[$i] eq "1"){
        $ALEN=@P1;
        $CHAR=$P1[int(rand($ALEN))];
    }
    if ($TMPLT[$i] eq "2"){
        $ALEN=@P2;
        $CHAR=$P2[int(rand($ALEN))];
    }
    if ($TMPLT[$i] eq "3"){
        $ALEN=@P3;
        $CHAR=$P3[int(rand($ALEN))];
    }
    $PW="$PW$CHAR";
}
print "$PW\n";
---------------------------------end pwgen-----------------------------------------
This next script takes as input the username and the password and uses the
password program to change the password for the user specified. This is an
expect script modified from something that Jim McLean-Lipinski gave me as well.
----------------------------------newpasswd----------------------------------------
#!/usr/local/bin/expect
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd
# (both arguments are visible in ps output while the script runs)
set username [lindex $argv 0]
set password [lindex $argv 1]
spawn /usr/bin/passwd $username
expect {*password:}
send "$password\n"
expect {*password:}
send "$password\n"
expect eof
---------------------------------end newpasswd-------------------------------------
This final script is what I wrote, it reads a list of usernames in DOS text format,
converts it to UNIX text format, takes all the capital letters and converts them
to lowercase letters and then creates the user and gives them a password.
The script is written to log all users added along with their password, but BE
CAREFUL WITH THIS!!!! Make sure you secure that file (chmod 600 only readable
and writeable by root)! I also e-mail the most recent additions to the responsible
person, but careful with this as well. Please be very careful with this script...
it will bomb out if anyone but root tries to run it...but still you don't want to
leave those logfiles just laying around anywhere...USE AT YOUR OWN RISK!
------------------------------------nuad--------------------------------------------
#!/usr/bin/csh
#
# this script will read a file of usernames (uname.dat) created
# on a PC running DOS, convert all the names to lowercase
# characters, convert the DOS text to UNIX text, and then
# create an account with a random password for each username
# that doesn't already have an account on the system
# the accounts created along with their password are logged
# and sent to the person in charge
#
# Derald H McMillan III
# (derald@soltech.com)
# SolTech Systems Corporation 1995
#
# Revisions
# ---------
# change to the root (working) directory
cd /
# remove some working files if they exist
if (-f uname.dat) then
    rm uname.dat
endif
if (-f temp) then
    rm temp
endif
# set up some filenames
set namefile = users.dat
set temp = temp
set usernames = uname.dat
set oldnames = uname.old
set permlogfile = names.log
set logfile = .logfile
# open and secure the temporary logfile
touch .logfile
chmod 600 .logfile
# echo the date and time to the logfile
echo "Current Date: `date +%m`/`date +%d`/`date +%y` Current Time: `date +%H`:`date +%M`:`date +%S`" >> $logfile
echo "" >> $logfile
# convert all capital letters in the users.dat file to lowercase
tr "[A-Z]" "[a-z]" < $namefile > $temp
# convert a dos text file to a unix text file
dos2unix $temp $usernames
# assign an array of usernames
set namearray = (`cat $usernames`)
# initialize the userid to the predetermined series
set uid = 2001
# set up some defaults for the useradd program
/usr/sbin/useradd -D -b /export/home -g 1
# add each user specified if they don't already exist
# in the /etc/passwd file
foreach uname ($namearray)
    # match the whole login-name field, not any line that contains the name
    if (`grep -c "^${uname}:" /etc/passwd` == 0) then
        # create a random password for each user added
        set passwd = `/usr/local/bin/pwgen`
        # make sure the userid is unique for each user added
        # (compare against the uid field only)
        while (`grep -c "^[^:]*:[^:]*:${uid}:" /etc/passwd` != 0)
            @ uid = $uid + 1
        end
        # add the user
        /usr/sbin/useradd -u $uid -s /bin/csh -c $uname -m $uname
        # give the user the random password
        /usr/local/bin/newpasswd $uname $passwd
        # echo the username and password to the logfile
        echo "$uname $passwd" >> $logfile
    endif
end
# mail the logfile to the responsible person
/usr/bin/mailx person@company.com < $logfile
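# append the logfile to the permanent log, which holds cleartext
# passwords, so restrict it to root before writing to it
touch $permlogfile
chmod 600 $permlogfile
cat $logfile >> $permlogfile
# move the usernames to a file to keep around until next time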
mv $usernames $oldnames
chmod 600 $oldnames
# remove temporary files
rm temp .logfile
# end of script
-------------------------------end nuad-------------------------------------------------
If you are using nis+ I'm not sure how you would change this to fit your needs..but it
should be fairly simple...and if you are using the sun package that allows you to run
NIS on Solaris 2.3, then all you should have to do is put it in the script to change
to the /var/yp directory and "make passwd". So customizing for a particular site should
be easy...just rewrite the input for the useradd program and anything else should be
simple as well.
Several other solutions were mentioned...like using a c program to generate the
encrypted password or even using a perl program to generate the encrypted password.
Jeff Victor, Network Administrator for The Sage Colleges had the following to say:
---------------------
If you're not using a naming service (NIS+, yp, etc.) you can encrypt
the desired password and insert it directly into /etc/[passwd | shadow].
I use this program to encrypt passwords:
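#include <stdio.h>
#include <string.h>
#include <crypt.h>
int main (void)
{
    char s[80];
    /* read one line from stdin; fgets bounds the read to the buffer */
    if (fgets (s, sizeof s, stdin) == NULL)
        return 1;
    s[strcspn (s, "\n")] = '\0';    /* drop the trailing newline */
    /* "sa" is the fixed salt discussed below */
    printf ("%s", crypt (s, "sa"));
    return 0;
}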
Where "sa" is the salt for the crypt system call, which should also be
randomized.
If you're running yp or NIS+, you must also use the encrypted or
unencrypted password text appropriately, i.e. enter them in yp maps or
stuff them into NIS+ tables with nistbladm.
-------------------------------------------------------------------------
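The following is an added example, not part of the original post or of any contributor's code. It relates to two points above: pwgen seeds rand() from the clock and the process id, both of which can be guessed, and the crypt salt "should also be randomized". It draws pwgen's template passwords and a two-character salt from /dev/urandom instead, which is assumed to exist (Solaris 2.3 does not have it); the function names rand_index, fill, make_password and make_salt are made up for this example.

```c
/* Added example. Assumes a system that provides /dev/urandom. */
#include <stdio.h>
#include <string.h>
/* Character classes indexed by template digit, copied from pwgen. */
static const char *CLASSES[4] = { "", "aeiouyAEIOUY",
    "bcdfghjklmnpqrstvwxzBCDFGHJKLMNPQRSTVWXZ", "1234567890" };
static const char *TEMPLATES[6] = { "21232121", "21213212", "21232123",
    "21212121", "21212312", "21321321" };
static const char SALT_CHARS[] =    /* alphabet of a traditional crypt() salt */
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";

/* Uniform index in [0, n), 1 <= n <= 256. Bytes at or above the largest
 * multiple of n are rejected so no index is favoured. -1 on read failure. */
static int rand_index(FILE *rng, unsigned n)
{
    unsigned limit = 256 - (256 % n);
    int c;
    do {
        if ((c = fgetc(rng)) == EOF) return -1;
    } while ((unsigned)c >= limit);
    return (int)((unsigned)c % n);
}

/* Fill out[0..len-1] per tmpl (or from SALT_CHARS if tmpl is NULL). */
static int fill(FILE *rng, char *out, int len, const char *tmpl)
{
    int i, k;
    for (i = 0; i < len; i++) {
        const char *set = tmpl ? CLASSES[tmpl[i] - '0'] : SALT_CHARS;
        if ((k = rand_index(rng, (unsigned)strlen(set))) < 0) return -1;
        out[i] = set[k];
    }
    out[len] = '\0';
    return 0;
}
int make_salt(FILE *rng, char salt[3]) { return fill(rng, salt, 2, NULL); }
int make_password(FILE *rng, char pw[9])
{
    int t = rand_index(rng, 6);    /* all six templates are reachable */
    return t < 0 ? -1 : fill(rng, pw, 8, TEMPLATES[t]);
}
int main(void)
{
    char pw[9], salt[3];
    FILE *rng = fopen("/dev/urandom", "rb");
    if (!rng || make_password(rng, pw) || make_salt(rng, salt)) return 1;
    printf("password %s  salt %s\n", pw, salt);
    return fclose(rng) != 0;
}
```

The salt can be passed as the second argument to crypt() in place of the fixed "sa".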
I would like to thank the following people for offering suggestions or comments.
If I left your name out I'm very sorry. Special thanks to Jim McLean-Lipinski
for the scripts and to Simon Burr for the location of expect and Tcl.
minh@codac.codac.telecom.com.au (Minh Tran)
T.D.Lee@durham.ac.uk (David Lee)
wightman@sol.acs.uwosh.edu (Brian Wightman)
jrml@dps.state.vt.us (Jim McLean-Lipinski)
dougcarr@aen.uky.edu (Douglas Carr)
diekema@linus.si.com (Jon Diekema)
simes@tcp.co.uk (Simon Burr)
rdiffend@brutus.ct.gmr.com (Randy Diffenderfer CT/90)
eclrh@sun.leeds.ac.uk (Robert Hill)
orban@advtech.uswest.com (Tom Orban)
P.J.Plane@massey.ac.nz (Phillip Plane)
david@srv.PacBell.COM (David St. Pierre)
perryh@pluto.rain.com (Perry Hutchison)
jos@asml.nl (Jos Schaeps)
victoj@kellas.Sage.EDU (Jeff Victor)
Thanks to the following people for their interest.
moose%ctc.csustan.edu@altair.csustan.edu (Phillip Moose)
bzhu@ma.copley.com (Bill Zhu)
bhiscox@gds.com (William Hiscox)
rich@brake.demon.co.uk (Richard Skelton)
'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'
Derald H McMillan III
SolTech Systems Corporation
1180 Sam Rittenberg Blvd. Phone: 803-556-2500
Suite 310 Fax: 803-556-2596
Charleston, SC 29407 email: derald@soltech.com
http://www.soltech.com
'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`