SUMMARY: Creating Default Passwords at Account Generation Time

From: Joel L. Seber ... CH210 (JLS2013%tntech.bitnet@eecs.nwu.edu)
Date: Mon Aug 12 1991 - 22:10:24 CDT


First of all, many thanks to the almost 50 people who responded!!
 
My original query was:
 
====================================
 
I create hundreds of accounts for our students on our network
of 56 SUN SS-1s, 2s, and IPCs each academic semester. I have
procedures written to take care of all that. I would like to
add the feature of setting up default passwords based on their
social security numbers so that no one else can log into their
new accounts and lock them out. I have already tried:
 
yppasswd username <new-password
 
where 'new-password' is a file containing the intended password
twice. passwd and yppasswd do not read normal input from stdin,
however.
 
Have any of you done this, or something similiar? Any thoughts,
ideas, etc. would be much appreciated and summarized.
 
================================================
 
First, to clear up something I had left out inadverantly, I get my info for
creating accounts from our computer center for each class. I have a C program
which separates the parts I need, reassembles them into the correct form,
and adds the pertinent UNIX passwd stuff around it to make an /etc/passwd
entry for each student.
 
For the record, I mentioned social security numbers for several reasons:
 
    o Student account names contain parts of their SSN;
 
    o Our students are all keyed in the university structure by their
       SSN, and they must use it whenever cashing checks, paying fees,
       and more, so they have to learn it;
 
    o Our campus computer center uses the same username convention we do;
 
    o and finally, Our students must have ID cards with their SSNs on them.
 
 
I realize that SSNs are not extremely secure, but they are better than the
simple <RETURN> we have used before...
 
Having said that, I now summarize the rest of the responses:
 
Many pointed me in the direction of a program called 'expect' by Don
Libes. I am certainly going to get a copy of this code. Don's README
file says to get 'expect' and a required companion program, 'Tcl', from
durer.cme.nist.gov in /pub/expect.shar.Z and pub/tcl.tar.Z.
 
Others actually sent me code of various types and sizes. Rather than
reproduce them here and REALLY tie the nets up, here is a list of persons
who were exceptionally kind enough to provide and sometimes write on-the-
spur-of-the-moment code for me:
 
Ian_Reddy@ucs.sfu.ca Ian Reddy
jeg@ced.berkeley.edu James Ganong
mark@deltam.com Mark Galbraith
kwhite@csi.uottawa.ca Keith White
ted@borgil.uchicago.edu Ted Rodriguez-Bell
Miker@sbcoc.com Mike Raffety *see below!
jrich@ucrmath.ucr.edu John Richardson
phil@dgbt.doc.ca Phil Blanchfield
b.rea@csc.canterbury.ac.nz Bill Rea
dit@uk.ac.aberdeen.maths David Tock *see below!
fisch@uni-paderborn.de Klaus Hering
marlys.a.nelson@uwrf.edu Marlys A. Nelson
 
I got everything from shell code (C and Bourne) to perl to C. Two of these
I have to mention here, as they are short and functional.
 
        o Mike Rafferty said,
 
>Try doing the yppasswd command through an rsh, e.g.:
>
>(echo newpasswd; echo newpasswd) | rsh localhost yppasswd username
 
I tried it; it works fine as long as the account has no password beforehand,
as mine won't. Great job, Mike!
 
        o David Tock said,
 
>...
>The following program will take two command line arguments and print the
>encrypted key.
>
>-----------------mkpasswd.c--------------
>main(argc,argv)
>char ** argv;
>{
>printf("%s",crypt(argv[1],argv[2]));
>}
>------------------------------------------
>
>The first argument is the password to be encrypted, the second is a key.
>Read man crypt(3) for further details.
>...
 
David, your suggestion is superb also! I am going to try it in my account
generation program (written in C) as soon as time permits.
 
Again, I am VERY grateful to all who wrote code as well as those who didn't.
Every response was important to me, because I learned. I include these because
they work and they were short enough to include in the summary. I intend to
look at all of the programs sent and see which is best for my situation.
Everyone, please continue to include pertinent code when responding to a
request if it is reasonable to do so. It helps everyone learn so much better!
 
One last item: some program writers asked me directly not to include their
code directly in my summary, but asked me to direct any questions about
obtaining their code to them. Everyone who supplied code is noted above.
The central crux of the matter is crypt(3). If I had understood passwords
better, it would have been enough. Now, thanks to the list, I do.
 
As I have been bragging around TTU for quite some time, the SUN-MANAGERS
list is the best I have *EVER* seen. Kudos to all, and I hope I can help
you in some way someday.
 
With sincere thanks,
 
Joel L. Seber | Dry humor is wasted around here.
SUN Workstation Laboratory Manager |
Center for Manufacturing Research | -Joel L. Seber
      and Technology Utilization |
Tennessee Technological University |
Cookeville, TN 38505 |
                                        |
jls2013@tntech.bitnet |



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:20 CDT