If you manage a server with many different users or just your family computer you will probably have many different accounts to manage, and one important aspect of any account it’s its password.
In this small article I’ll show you how to use the basic passwd
command but also how to do some small bash script or use a web application, if you have a more complex environment, such as a central ldap server that keep all your accounts information.
1) Passwd
First method to change the password for an account, the good and old passwd
command.
The passwd
command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account. passwd
also changes the account or associated password validity period.
Basic usage of passwd
as root that want to change the password of user tom in the interactive way:
[root@myhost ~]# passwd tom
Changing password for user tom.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
So just use the command passwd
followed by the username, and you’ll change his password.
2) Chpasswd
The command chpasswd
is used to change the password of multiple users in batch mode.
The chpasswd
command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:
user_name:password
By default the passwords must be supplied in clear-text, and are encrypted by chpasswd.
Also the password age will be updated, if present.
# Chpasswd command is very simple to use
[ root@myhost ~ ] # echo "tom:1234" | chpasswd
# Using the passwd command, you can also change the password in a batch like mode
[ root@myhost ~ ] # echo "1234" | passwd --stdin "tom"
Changing password for user tom.
passwd: All authentication tokens Updated successfully.
3) Using expect to build an interactive script
Expect is a program that “talks” to other interactive programs according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be. An interpreted language provides branching and high-level control structures to direct the dialogue. In addition, the user can take control and interact directly when desired, afterward returning control to the script.
So we could make a simple script called changepasswd.sh that contains something like this:
#!/bin/sh
# \
exec expect -f "$0" "$@"
if { $argc != 2 } {
puts "Usage: $argv0 "
exit 1
}
set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
sleep 1
expect "assword:"
send "$password\r"
expect "assword:"
send "$password\r"
expect eof
And the output will be something similar to this one:
[root@myhost ~]# ./changepasswd.sh tom 1234
spawn passwd tom
Changing password for user tom.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
4) Using a web application
If you have a larger environment probably you are using an LDAP server to manage centrally all your accounts, in this case the above solutions are not useful and you need something that can change the password on your ldap server and that it’s easily usable by your users, I suggest to take a look at the LTB Project.
Self Service Password is a PHP application that allows users to change their password in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.
It has the following features:
- Samba mode to change Samba passwords
- Active directory mode
- Local password policy:
- Minimum/maximum length
- Forbidden characters
- Upper, Lower, Digit or Special characters counters
- Reuse old password check
- Complexity (different class of characters)
- Help messages
- Reset by questions
- Reset by mail challenge (token sent by mail)
- Reset by SMS (trough external Email 2 SMS service)
- reCAPTCHA (Google API)
- Mail notification after password change
Article provided by Asapy
Reference: