How to generate new User Passwords to enforce Security Policies
Abstract
The following article explains how to delete a user's password and return a random password that the user must later supply to the login process to log in and pick a new password on a Trusted System.
This may be required when new password policies need to be enforced. It is common to reset a user's password and request that a new one be chosen at the next login.
Procedure
1. Create a list of the logins whose passwords will be generated. This can be done manually or based on the current /etc/passwd file. For example:
# awk -F":" '{print $1}' /etc/passwd > /tmp/logins
# cat /tmp/logins
charles
izurieta
...
2. Edit the /etc/passwd file and remove the standard HP-UX system accounts, including root. Many of these accounts do not even have passwords defined.
3. Use the modprpw -x command to create a new password for each account. The following script can be used to set the passwords for all the logins in the /tmp/logins file. The new passwords are stored in the /tmp/modprpw.stdout file.
# Start with an empty output file (it will hold the new passwords in clear text)
> /tmp/modprpw.stdout
for login in $(cat /tmp/logins)
do
    # Left-justified login name; modprpw then appends passwd=... on the same line
    printf "%-20s\t" "$login" >> /tmp/modprpw.stdout
    /usr/lbin/modprpw -x "$login" >> /tmp/modprpw.stdout
done
4. Check the new passwords for the users. For example:
# cat /tmp/modprpw.stdout
izurieta passwd=diwitvap
charles passwd=geildani
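The procedure above can also be written as two shell functions that build the login list without root and the low-UID system accounts, and keep the generated passwords in a file that only its owner can read. This is an added example, not part of the original article; the UID cut-off of 100, the MODPRPW variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumptions: system accounts have UID < 100; MODPRPW may be overridden.
MODPRPW=${MODPRPW:-/usr/lbin/modprpw}

# list_target_logins PASSWD_FILE [MIN_UID]
# Print the login names found in a passwd-format file, skipping root,
# accounts below MIN_UID, malformed lines and non-numeric or negative UIDs.
list_target_logins() {
    awk -F: -v min="${2:-100}" '
        NF >= 7 && $1 != "" && $1 != "root" &&
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min { print $1 }
    ' "$1"
}

# reset_passwords LOGIN_FILE OUT_FILE
# Run "modprpw -x" for every login and record "login<TAB>passwd=..." lines.
# OUT_FILE is created with mode 600 and must not exist beforehand, so the
# clear-text passwords never land in a file another user prepared or can read.
reset_passwords() {
    logins=$1 out=$2 rc=0
    old_umask=$(umask)
    umask 077
    # noclobber (set -C) makes the redirection fail if OUT_FILE already exists
    if ! ( set -C; : > "$out" ) 2>/dev/null; then
        umask "$old_umask"
        echo "refusing to overwrite existing $out" >&2
        return 1
    fi
    while IFS= read -r login; do
        [ -n "$login" ] || continue
        if result=$("$MODPRPW" -x "$login" 2>/dev/null); then
            printf '%-20s\t%s\n' "$login" "$result" >> "$out"
        else
            # Report the failure but carry on with the remaining logins
            echo "modprpw failed for $login" >&2
            rc=1
        fi
    done < "$logins"
    umask "$old_umask"
    return $rc
}

# Typical use, as root, with file names chosen here for illustration:
#   list_target_logins /etc/passwd > /root/logins
#   reset_passwords /root/logins /root/modprpw.stdout
```

Remove the output file once the new passwords have been handed to the users.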
Reference
- SAW: HP-UX 11i - Trusted System - Generate new User Passwords to enforce Security Policies
- WFM: 4603802392
- modprpw(1M)