How to generate new User Passwords to enforce Security Policies

Jump to: navigation, search


The following article explains how to delete the user's password and return a random password that the user must later supply to the login process to login and pick a new password on a Trusted System.

This may be required when new password policies must needs to be enforced. Is common to reset the users password and request that a new one is chose on next login.


1. Create a list of the logins which passwords will be generated. This can be done manually or based on the current /etc/passwd file. For example:

# awk -F":" '{print $1}' /etc/passwd > /tmp/logins
# cat /tmp/logins

2. Edit the /etc/passwd file and remove the standard HP-UX system accounts, including root. Many of this accounts not even have passwords defined.

3. Use the modprpw -x command to create a new password for each account. The following script can be used to set the passwords for all the logins in the /tmp/logins file. The new passwords are store at /tmp/modprpw.stdout file.

> /tmp/modprpw.stdout

for login in $(cat /tmp/logins)
printf "%-20s\t" $login >> /tmp/modprpw.stdout
/usr/lbin/modprpw -x $login >> /tmp/modprpw.stdout

3. Check the new passwords for the users. For example:

# cat /tmp/modprpw.stdout
izurieta                passwd=diwitvap
charles                 passwd=geildani