[Spacewalk-list] change root password for all machines in a group
Ian Forde
ianforde at gmail.com
Thu Feb 4 10:23:30 UTC 2010
On Wed, 2010-02-03 at 21:58 -0600, Daniel Wittenberg wrote:
> Could you just push a script to /etc/cron.daily so it'll run auto, and have it replace the md5 crypted pass in /etc/shadow? Then you don't have to pass anything in the clear ?
>
Technically, you'd want to use an 'at' job rather than cron for this,
but that's nothing that Spacewalk's remote command isn't giving you
already. The issue is how to get the new password to the box while:
a) transmitting it such that it cannot be seen on the command line on
the remote box
b) safely updating the entry in /etc/shadow with minimal risk of hosing
the file
c) not putting it in cleartext anywhere that it can be logged by either
Spacewalk or the client machine
Personally, I'd just use sed on /etc/shadow, but I've been using Linux
for over a decade and UNIX for about 2 (decades). So I'm careful and
cautious about what I recommend. I won't recommend sed-ding the shadow
file to others unless they feel comfortable about doing it...
-I
More information about the Spacewalk-list
mailing list