Changing password on multiple zLinux servers
Running zLinux as Guests on zVM is fantastic until it comes time to reset your password across multiple servers. The guest servers are multiply like rabbits. We are a shop new to Linux on the mainframe and have a question. Is there a way to apply without using LDAP, or to issue a series of commands like passwd across multiple servers either through SSH or other method from a single server. Where should I point my "learning curve" to resolve this? I am new to scripting, but how different from REXX can it be? Thanks in advance for any comments and insight James Chaplin Systems Programmer USCBP -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
CHAPLIN, JAMES (CTR) wrote: Running zLinux as Guests on zVM is fantastic until it comes time to reset your password across multiple servers. The guest servers are multiply like rabbits. We are a shop new to Linux on the mainframe and have a question. Is there a way to apply without using LDAP, or to issue a series of commands like passwd across multiple servers either through SSH or other method from a single server. Where should I point my "learning curve" to resolve this? I am new to scripting, but how different from REXX can it be? Thanks in advance for any comments and insight James Chaplin Systems Programmer USCBP -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 LDAP is clearly the perferred solution for this situation. However, if you don't want to do that see chpasswd. Somthing like... echo 'user:newpass' | chpasswd ... could be pushed out to the other servers using ssh. ~rich -- -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
Actually, for users across multiple systems, I think LDAP is your friend. You can restrict users to specific Linux guests, a single password change effects the user across all the systems, it enforces the uid being the same across all the systems (important if you use nfs or ftp...) and you have a single point for account maintenance. There's some effort in setting it up, but in the end, it will save you considerable time. -- .~.Robert P. Nix Mayo Foundation /V\RO-OE-5-55200 First Street SW /( )\ 507-284-0844 Rochester, MN 55905 ^^-^^ - "In theory, theory and practice are the same, but in practice, theory and practice are different." On 10/26/07 8:17 AM, "CHAPLIN, JAMES (CTR)" <[EMAIL PROTECTED]> wrote: > Running zLinux as Guests on zVM is fantastic until it comes time to > reset your password across multiple servers. The guest servers are > multiply like rabbits. We are a shop new to Linux on the mainframe and > have a question. > > Is there a way to apply without using LDAP, or to issue a series of > commands like passwd across multiple servers either through SSH or other > method from a single server. Where should I point my "learning curve" to > resolve this? I am new to scripting, but how different from REXX can it > be? > > Thanks in advance for any comments and insight > James Chaplin > Systems Programmer > USCBP > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
Since you are running on VM. It should be easy to come up with an exec that
would use secuser to issue passwd commands to every linux server.
Calvin Fisher
"CHAPLIN, JAMES
(CTR)"
<[EMAIL PROTECTED] To
sociates.dhs.gov> LINUX-390@VM.MARIST.EDU
Sent by: Linux on cc
390 Port
<[EMAIL PROTECTED] Subject
IST.EDU> Changing password on multiple
zLinux servers
10/26/2007 09:17
AM
Please respond to
Linux on 390 Port
<[EMAIL PROTECTED]
IST.EDU>
Running zLinux as Guests on zVM is fantastic until it comes time to
reset your password across multiple servers. The guest servers are
multiply like rabbits. We are a shop new to Linux on the mainframe and
have a question.
Is there a way to apply without using LDAP, or to issue a series of
commands like passwd across multiple servers either through SSH or other
method from a single server. Where should I point my "learning curve" to
resolve this? I am new to scripting, but how different from REXX can it
be?
Thanks in advance for any comments and insight
James Chaplin
Systems Programmer
USCBP
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
<><><>
Re: Changing password on multiple zLinux servers
Hi James, Maybe you can take a look at multixterm (http://expect.nist.gov/example/multixterm.man.html). I haven't used it but it seems to provide what you are looking for, before using the utility you need to install expect and tk. Regards, Jose -Original Message- From: RPN01 [mailto:[EMAIL PROTECTED] Sent: Friday, October 26, 2007 9:28 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Changing password on multiple zLinux servers Actually, for users across multiple systems, I think LDAP is your friend. You can restrict users to specific Linux guests, a single password change effects the user across all the systems, it enforces the uid being the same across all the systems (important if you use nfs or ftp...) and you have a single point for account maintenance. There's some effort in setting it up, but in the end, it will save you considerable time. -- .~.Robert P. Nix Mayo Foundation /V\RO-OE-5-55200 First Street SW /( )\ 507-284-0844 Rochester, MN 55905 ^^-^^ - "In theory, theory and practice are the same, but in practice, theory and practice are different." On 10/26/07 8:17 AM, "CHAPLIN, JAMES (CTR)" <[EMAIL PROTECTED]> wrote: > Running zLinux as Guests on zVM is fantastic until it comes time to > reset your password across multiple servers. The guest servers are > multiply like rabbits. We are a shop new to Linux on the mainframe and > have a question. > > Is there a way to apply without using LDAP, or to issue a series of > commands like passwd across multiple servers either through SSH or other > method from a single server. Where should I point my "learning curve" to > resolve this? I am new to scripting, but how different from REXX can it > be? > > Thanks in advance for any comments and insight > James Chaplin > Systems Programmer > USCBP > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 Scanned by McAfee SCM1 Scanned by Triple-S SCM1 - *Attention* This electronic message, including any attachments, contains information that may be legally confidential and/or privileged. The information is intended solely for the individual or entity named above and access by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error and delete it from your system.
Re: Changing password on multiple zLinux servers
> Is there a way to apply without using LDAP, or to issue a series of > commands like passwd across multiple servers either through SSH or other > method from a single server. Where should I point my "learning curve" to There are - the cluster computing people have a pile of tools for issuing the same commands on many boxes at once and they'll work for virtual machines. That said: LDAP is probably what you want to consider instead as its designed for this sort of central management. See: http://www.netfort.gr.jp/~dancer/software/dsh.html http://www.cyberciti.biz/tips/execute-commands-on-multiple-hosts-using-expect-tool-part-iii.html -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
To expand James' answer a bit (I've never used the chpasswd command): for I in system1 system2 system3 ; do ssh [EMAIL PROTECTED] 'echo "user:newpass" | chpasswd' done The list of systems could be given by hand, as above, or could be pulled from a file, as in "for I in `cat system.names` ; do" (not sure what the various e-mail programs will do with that, but those are back-ticks around the cat command. You can speed this process up by trading a public key with all the servers involved, such that you wouldn't need to enter a password for each server. With that in mind, it would be a better idea to use another, properly privledged userid, other than root, to perform the task. Maybe go with "ssh [EMAIL PROTECTED] 'echo "user:newpass" | sudo chpasswd'", and pass around a public key for "pswdguy". -- .~.Robert P. Nix Mayo Foundation /V\RO-OE-5-55200 First Street SW /( )\ 507-284-0844 Rochester, MN 55905 ^^-^^ - "In theory, theory and practice are the same, but in practice, theory and practice are different." On 10/26/07 8:45 AM, "Richard Lynch" <[EMAIL PROTECTED]> wrote: > CHAPLIN, JAMES (CTR) wrote: >> Running zLinux as Guests on zVM is fantastic until it comes time to >> reset your password across multiple servers. The guest servers are >> multiply like rabbits. We are a shop new to Linux on the mainframe and >> have a question. >> >> Is there a way to apply without using LDAP, or to issue a series of >> commands like passwd across multiple servers either through SSH or other >> method from a single server. Where should I point my "learning curve" to >> resolve this? I am new to scripting, but how different from REXX can it >> be? >> >> Thanks in advance for any comments and insight >> James Chaplin >> Systems Programmer >> USCBP >> >> -- >> For LINUX-390 subscribe / signoff / archive access instructions, >> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or >> visit >> http://www.marist.edu/htbin/wlvindex?LINUX-390 >> >> > LDAP is clearly the perferred solution for this situation. However, if > you don't want to do that see chpasswd. Somthing like... > > echo 'user:newpass' | chpasswd > > ... could be pushed out to the other servers using ssh. > > ~rich > > > > > -- > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
A little off topic, but coordinating UIDs doesn't matter to FTP because you supply a username when you login. With SCP and SFTP you can supply the username, but the default is the name you logged in with, but it does not use the UID (it uses the name). However, TAR and PAX archives store the UID (depending on some command line options), so they tend to cause the owner of a file to be wrong when restored on a different system then the one they were created. Basically it is a good idea to coordinate all the UIDs on all systems to avoid problems. -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of RPN01 Sent: Friday, October 26, 2007 6:28 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Changing password on multiple zLinux servers Actually, for users across multiple systems, I think LDAP is your friend. You can restrict users to specific Linux guests, a single password change effects the user across all the systems, it enforces the uid being the same across all the systems (important if you use nfs or ftp...) and you have a single point for account maintenance. There's some effort in setting it up, but in the end, it will save you considerable time. -- .~.Robert P. Nix Mayo Foundation /V\RO-OE-5-55200 First Street SW /( )\ 507-284-0844 Rochester, MN 55905 ^^-^^ - "In theory, theory and practice are the same, but in practice, theory and practice are different." On 10/26/07 8:17 AM, "CHAPLIN, JAMES (CTR)" <[EMAIL PROTECTED]> wrote: > Running zLinux as Guests on zVM is fantastic until it comes time to > reset your password across multiple servers. The guest servers are > multiply like rabbits. We are a shop new to Linux on the mainframe and > have a question. > > Is there a way to apply without using LDAP, or to issue a series of > commands like passwd across multiple servers either through SSH or other > method from a single server. Where should I point my "learning curve" to > resolve this? I am new to scripting, but how different from REXX can it > be? > > Thanks in advance for any comments and insight > James Chaplin > Systems Programmer > USCBP > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 CONFIDENTIALITY NOTICE: This email from the State of California is for the sole use of the intended recipient and may contain confidential and privileged information. Any unauthorized review or use, including disclosure or distribution, is prohibited. If you are not the intended recipient, please contact the sender and destroy all copies of this email. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
>>> On Fri, Oct 26, 2007 at 11:31 AM, in message <[EMAIL PROTECTED]>, "Fargusson.Alan" <[EMAIL PROTECTED]> wrote: > However, TAR and PAX archives store the UID > (depending on some command line options), so they tend to cause the owner of > a file to be wrong when restored on a different system then the one they were > created. >From what I've experienced, GNU tar stores uid/gid _and_ username/groupname. >During the extract process, if the same user and group are on the system, it >uses them. If not, it restores things using uid/gid. > Basically it is a good idea to coordinate all the UIDs on all systems to > avoid problems. Agreed. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
<><><>
Re: Changing password on multiple zLinux servers
On Friday, 10/26/2007 at 09:47 EDT, Alan Cox <[EMAIL PROTECTED]> wrote: > There are - the cluster computing people have a pile of tools for issuing > the same commands on many boxes at once and they'll work for virtual > machines. On VM you can use the CP SEND command from the central server. No extra software on the guests required. This kind of thing works best, however, if the guests are configured to bypass the login prompt when they boot. Otherwise you have to authenticate if not already logged in. > That said: LDAP is probably what you want to consider instead as its > designed for this sort of central management. LDAP is also a good bet as you tend not to fall afoul of security policies and auditors. They know LDAP and it is likely already on their "A" list. A home-grown solution may create more headaches than it solves. Even with CP SEND, any class C user can send commands anonymously (from Linux's point of view). Alan Altmark z/VM Security Weasel IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Changing password on multiple zLinux servers
Hi all ,
Just to complete Robert's script there is a few procedures that I complement .
Use ssh exchange key with root ID or another user that could sudo to root and
create the same user in all server ( maybe because that root is better ) . The
first time you should to put the password in all server but after that the work
will be easiest .
TIP : A good link to explain how to do that -> http://www.oreilly.com/pub/h/66
After that create a list of the server and change the script to something
like this :
for SERVER in $(cat list_of_servers) ; do
ssh [EMAIL PROTECTED] '${1}'
if [ $? -eq 0 ] ; then
echo "Command $1 in $SERVER execute OK"
else
echo " Error in $SERVER execution "
fi
done
in that way you can use this script to the most of the commands that you need
to run in more than one server .
You can use cp send in a rexx script too .
Best Regards,
Saulo Augusto Silva
IBM zLinux Support
RPN01 <[EMAIL PROTECTED]> wrote: To expand James' answer a bit (I've never used
the chpasswd command):
for I in system1 system2 system3 ; do
ssh [EMAIL PROTECTED] 'echo "user:newpass" | chpasswd'
done
The list of systems could be given by hand, as above, or could be pulled
from a file, as in "for I in `cat system.names` ; do" (not sure what the
various e-mail programs will do with that, but those are back-ticks around
the cat command.
You can speed this process up by trading a public key with all the servers
involved, such that you wouldn't need to enter a password for each server.
With that in mind, it would be a better idea to use another, properly
privledged userid, other than root, to perform the task. Maybe go with "ssh
[EMAIL PROTECTED] 'echo "user:newpass" | sudo chpasswd'", and pass around a
public
key for "pswdguy".
--
.~.Robert P. Nix Mayo Foundation
/V\RO-OE-5-55200 First Street SW
/( )\ 507-284-0844 Rochester, MN 55905
^^-^^ -
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
On 10/26/07 8:45 AM, "Richard Lynch" wrote:
> CHAPLIN, JAMES (CTR) wrote:
>> Running zLinux as Guests on zVM is fantastic until it comes time to
>> reset your password across multiple servers. The guest servers are
>> multiply like rabbits. We are a shop new to Linux on the mainframe and
>> have a question.
>>
>> Is there a way to apply without using LDAP, or to issue a series of
>> commands like passwd across multiple servers either through SSH or other
>> method from a single server. Where should I point my "learning curve" to
>> resolve this? I am new to scripting, but how different from REXX can it
>> be?
>>
>> Thanks in advance for any comments and insight
>> James Chaplin
>> Systems Programmer
>> USCBP
>>
>> --
>> For LINUX-390 subscribe / signoff / archive access instructions,
>> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
>> visit
>> http://www.marist.edu/htbin/wlvindex?LINUX-390
>>
>>
> LDAP is clearly the perferred solution for this situation. However, if
> you don't want to do that see chpasswd. Somthing like...
>
> echo 'user:newpass' | chpasswd
>
> ... could be pushed out to the other servers using ssh.
>
> ~rich
>
>
>
>
> --
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
