Hello!
    I work at a university.  Twice a year, I'm given a list of new
students (about 300lines) and asked to create accounts.  I need a way
to set the password for each new user, but the sysadmin here won't let
me use expect.  Am I just stuck with manually entering passwords for
each user, or is there some hope?

Thanks!
~John C. Linford
johnlinford at mail dot weber dot edu

John C. Linford <johnlinford@mail.weber.edu> wrote:
> Hello!
>     I work at a university.  Twice a year, I'm given a list of new
> students (about 300lines) and asked to create accounts.  I need a way
> to set the password for each new user, but the sysadmin here won't let
> me use expect.  Am I just stuck with manually entering passwords for
> each user, or is there some hope?

Is a reason given that expect isn't to be used?

You need to either automate 'passwd', or you need to populate the
contents of /etc/shadow yourself with all the locking hazards that
entails.

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

John C. Linford wrote:
> Hello!
>     I work at a university.  Twice a year, I'm given a list of new
> students (about 300lines) and asked to create accounts.  I need a way
> to set the password for each new user, but the sysadmin here won't let
> me use expect.  Am I just stuck with manually entering passwords for
> each user, or is there some hope?
> 
> Thanks!
> ~John C. Linford
> johnlinford at mail dot weber dot edu

If you can create user accounts then you have root privileges, and thus 
you *are* the sysadmin (use of roles excluded). Use any tools you have 
at your disposal (ed, sed, etc.) to get default passwords in for the new 
users and force them to change at first login.

Get the sysadmin sacked for being BOFH.

Ok man ... I'll bite ... whats BOFH ?



"Beardy" <beardy@beardy.net> wrote in message
news:9EBNb.24567$qx2.2676098@stones.force9.net...
> John C. Linford wrote:
> > Hello!
> >     I work at a university.  Twice a year, I'm given a list of new
> > students (about 300lines) and asked to create accounts.  I need a way
> > to set the password for each new user, but the sysadmin here won't let
> > me use expect.  Am I just stuck with manually entering passwords for
> > each user, or is there some hope?
> >
> > Thanks!
> > ~John C. Linford
> > johnlinford at mail dot weber dot edu
>
> If you can create user accounts then you have root privileges, and thus
> you *are* the sysadmin (use of roles excluded). Use any tools you have
> at your disposal (ed, sed, etc.) to get default passwords in for the new
> users and force them to change at first login.
>
> Get the sysadmin sacked for being BOFH.
>

On Thu, 15 Jan 2004, Chris Vidal wrote:

> Ok man ... I'll bite ... whats BOFH ?

First, what WAS your username?

BOFH == Bastard Operator From Hell, as immortalised by Simon
Travaglia's excellent (and very funny) stories.

You can get 'em from here (if your eyes don't burn out from the
gaudy colours first!):

	http://bofh.ntk.net/Bastard.html

Enjoy!

-- 
Rich Teer, SCNA, SCSA

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

Rich Teer wrote:
> On Thu, 15 Jan 2004, Chris Vidal wrote:
> 
> 
>>Ok man ... I'll bite ... whats BOFH ?
> 
> 
> First, what WAS your username?
> 

With a surname like "Vidal", and the inclination to bite, the username 
should surely be "gore" ;-)

Below is a perl script that generates random passwords and print them in 
format cleartext:encrypted.
All you need is to replace the password hash in /etc/shadow file for 
that user with whatever was generated after the colon sign. You can use 
any conventional method for it (eg. sed,perl).
Then you communicate the part before the colon side with the student.


#!/usr/local/bin/perl
# This generates passwords and encrypts them so that the passwd field can
# be placed directly in the shadow file.
srand(time() ^ ($$ + ($$ << 15)) );
$secret = "";
while (! ($secret =~ /\w{10}/)) {
         $roll = int(rand 255);
         $char = chr($roll);
         if ($char =~ /\w{1}/) {
         $secret = $secret . $char;
         }
}
$passwd=substr($secret, 2,10);
$salt=$secret;
print $passwd, ':' , crypt($passwd, $salt);
print "\n";

John C. Linford wrote:
> Hello!
>     I work at a university.  Twice a year, I'm given a list of new
> students (about 300lines) and asked to create accounts.  I need a way
> to set the password for each new user, but the sysadmin here won't let
> me use expect.  Am I just stuck with manually entering passwords for
> each user, or is there some hope?
> 
> Thanks!
> ~John C. Linford
> johnlinford at mail dot weber dot edu

Yura Pismerov wrote:
> Below is a perl script that generates random passwords and print them in 
> format cleartext:encrypted.
> All you need is to replace the password hash in /etc/shadow file for 
> that user with whatever was generated after the colon sign. You can use 
> any conventional method for it (eg. sed,perl).
> Then you communicate the part before the colon side with the student.
> 
> 
> #!/usr/local/bin/perl
> # This generates passwords and encrypts them so that the passwd field can
> # be placed directly in the shadow file.
> srand(time() ^ ($$ + ($$ << 15)) );
> $secret = "";
> while (! ($secret =~ /\w{10}/)) {
>         $roll = int(rand 255);
>         $char = chr($roll);
>         if ($char =~ /\w{1}/) {
>         $secret = $secret . $char;
>         }
> }
> $passwd=substr($secret, 2,10);
> $salt=$secret;
> print $passwd, ':' , crypt($passwd, $salt);
> print "\n";
> 

And if you run this script on an insecure connection (eg. telnet), then 
why not just publish the users' passwords?

Roughly 1/15/04 12:46, Beardy's monkeys randomly typed:

> Rich Teer wrote:
>> On Thu, 15 Jan 2004, Chris Vidal wrote:
>> 
>> 
>>>Ok man ... I'll bite ... whats BOFH ?
>> 
>> 
>> First, what WAS your username?
>> 
> 
> With a surname like "Vidal", and the inclination to bite, the username 
> should surely be "gore" ;-)
> 
   "Hello, Mr. Veedle? mphffmmphf!"

Darren Dunham wrote:

> John C. Linford <johnlinford@mail.weber.edu> wrote:
> > Hello!
> >     I work at a university.  Twice a year, I'm given a list of new
> > students (about 300lines) and asked to create accounts.  I need a way
> > to set the password for each new user, but the sysadmin here won't let
> > me use expect.  Am I just stuck with manually entering passwords for
> > each user, or is there some hope?
>
> Is a reason given that expect isn't to be used?
>
> You need to either automate 'passwd', or you need to populate the
> contents of /etc/shadow yourself with all the locking hazards that
> entails.
>
> --
> Darren Dunham                                           ddunham@taos.com
> Unix System Administrator                    Taos - The SysAdmin Company
> Got some Dr Pepper?                           San Francisco, CA bay area
>          < This line left intentionally blank to confuse you. >

To the OP: given that you know the root password, why don't you
install expect, then use it?  (You could always change its name if
someone thinks you don't have the ability to screw things up already).

It should be emphasized that this sort of thing should never be done
from a remote terminal - that's why the things have a system console.
There are thousands of easy ways of monitoring anything going on at
a remote, even given that you are using ssh or some such.

Speaking only for myself,

Joe Durusau

joe durusau <joe.durusau@lmco.com> wrote:
> Darren Dunham wrote:
>> John C. Linford <johnlinford@mail.weber.edu> wrote:
>> > Hello!
>> >     I work at a university.  Twice a year, I'm given a list of new
>> > students (about 300lines) and asked to create accounts.  I need a way
>> > to set the password for each new user, but the sysadmin here won't let
>> > me use expect.  Am I just stuck with manually entering passwords for
>> > each user, or is there some hope?
>>
>> Is a reason given that expect isn't to be used?

> To the OP: given that you know the root password, why don't you
> install expect, then use it?  (You could always change its name if
> someone thinks you don't have the ability to screw things up already).

That doesn't sound very professional to me.  There may be a legitimate
reason for the prohibition.  Unless the OP asks and reports back though,
we won't know if there is or not.

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

Yura Pismerov, I bow before you awesome wizzard of the shadow!

I probably should have mentioned in my first message that I can do
locking, unlocking etc, etc, so this script is perfect.  Thanks again!

~John C.

Also, thanks to Beardy for BOFH. ;)


Yura Pismerov <ypismerov@tucows.com> wrote in message news:<bu6v58$fg6$1@yura.org>...
> Below is a perl script that generates random passwords and print them in 
> format cleartext:encrypted.
> All you need is to replace the password hash in /etc/shadow file for 
> that user with whatever was generated after the colon sign. You can use 
> any conventional method for it (eg. sed,perl).
> Then you communicate the part before the colon side with the student.
> 
> 
> #!/usr/local/bin/perl
> # This generates passwords and encrypts them so that the passwd field can
> # be placed directly in the shadow file.
> srand(time() ^ ($$ + ($$ << 15)) );
> $secret = "";
> while (! ($secret =~ /\w{10}/)) {
>          $roll = int(rand 255);
>          $char = chr($roll);
>          if ($char =~ /\w{1}/) {
>          $secret = $secret . $char;
>          }
> }
> $passwd=substr($secret, 2,10);
> $salt=$secret;
> print $passwd, ':' , crypt($passwd, $salt);
> print "\n";
> 
> John C. Linford wrote:
> > Hello!
> >     I work at a university.  Twice a year, I'm given a list of new
> > students (about 300lines) and asked to create accounts.  I need a way
> > to set the password for each new user, but the sysadmin here won't let
> > me use expect.  Am I just stuck with manually entering passwords for
> > each user, or is there some hope?
> > 
> > Thanks!
> > ~John C. Linford
> > johnlinford at mail dot weber dot edu

Rich Teer <rich.teer@rite-group.com> writes:

> You can get 'em from here (if your eyes don't burn out from the
> gaudy colours first!):

Use opera as your browser, and remedy atrocities like that with Ctrl-G.
(toggles between author mode, which honors font and color choices,
and user mode, which does not.)

tim

John C. Linford wrote:
> Also, thanks to Beardy for BOFH. ;)
> 

To quote from Hitchhiker's "Share and enjoy, share and enjoy..." :-)

Beardy <beardy@beardy.net> wrote:
> And if you run this script on an insecure connection (eg. telnet), then 
> why not just publish the users' passwords?

Why not just quit now while you're still living in the early/mid 90s if
you're still using telnet over ssh?

PD

-- 
Paul Day      Web: www.bur.st/~bonfire      GPG Key ID: 2EF4ED23

Paul Day wrote:
> Beardy <beardy@beardy.net> wrote:
> 
>>And if you run this script on an insecure connection (eg. telnet), then 
>>why not just publish the users' passwords?
> 
> 
> Why not just quit now while you're still living in the early/mid 90s if
> you're still using telnet over ssh?
> 
> PD
> 

Telnet over ssh??? Nah. Living in the 90's? Yes please ;-)

On Fri, 16 Jan 2004, joe durusau wrote:
> It should be emphasized that this sort of thing should never be done
> from a remote terminal - that's why the things have a system console.
> There are thousands of easy ways of monitoring anything going on at
> a remote, even given that you are using ssh or some such.

If you check hosts pubkey the MIM attack is impossible, so the data can
not be intercepted during network transmission. So, the question: What is
the difference in this case between console and ssh from (trusted) remote
host?

Regards,
ASK